cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ethan Wallwork (JIRA)" <j...@apache.org>
Subject [jira] [Created] (CXF-5279) STSClient may not be caching tokens long enough when renewal after expiry is allowed
Date Thu, 12 Sep 2013 19:39:54 GMT
Ethan Wallwork created CXF-5279:
-----------------------------------

             Summary: STSClient may not be caching tokens long enough when renewal after expiry
is allowed
                 Key: CXF-5279
                 URL: https://issues.apache.org/jira/browse/CXF-5279
             Project: CXF
          Issue Type: Bug
          Components: STS
    Affects Versions: 2.7.6
            Reporter: Ethan Wallwork


It seems that the STSClient caches tokens only for the duration where they were valid which
prevents renewals after expiry.  

In cases where renewal after expiry is allowed it is possible to renew a token after this
time.  The EHCacheTokenStore calculates the TTL based on the Lifetime reported in the STS
response, which in turn is calculated from the conditions on the SAML assertion.  The token
will expire from the cache when the time is up, and this the STSClient can't use it to issue
a renew request even if the STS allows renewals after expiry.

Testing this was a bit tricky because it is based on caching and timeouts but I'm reasonably
sure this is what's going on.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message