Return-Path: 
 <issues-return-27088-apmail-cxf-issues-archive=cxf.apache.org@cxf.apache.org>
X-Original-To: apmail-cxf-issues-archive@www.apache.org
Delivered-To: apmail-cxf-issues-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id DDF3410148
	for <apmail-cxf-issues-archive@www.apache.org>;
 Fri, 13 Sep 2013 16:01:23 +0000 (UTC)
Received: (qmail 55957 invoked by uid 500); 13 Sep 2013 10:50:57 -0000
Delivered-To: apmail-cxf-issues-archive@cxf.apache.org
Received: (qmail 55810 invoked by uid 500); 13 Sep 2013 10:50:56 -0000
Mailing-List: contact issues-help@cxf.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:issues-help@cxf.apache.org>
List-Unsubscribe: <mailto:issues-unsubscribe@cxf.apache.org>
List-Post: <mailto:issues@cxf.apache.org>
List-Id: <issues.cxf.apache.org>
Reply-To: dev@cxf.apache.org
Delivered-To: mailing list issues@cxf.apache.org
Received: (qmail 55742 invoked by uid 99); 13 Sep 2013 10:50:52 -0000
Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 13 Sep 2013 10:50:52 +0000
Date: Fri, 13 Sep 2013 10:50:51 +0000 (UTC)
From: "Colm O hEigeartaigh (JIRA)" <jira@apache.org>
To: issues@cxf.apache.org
Message-ID: <JIRA.12668337.1379014400829.128506.1379069451977@arcas>
In-Reply-To: <JIRA.12668337.1379014400829@arcas>
References: <JIRA.12668337.1379014400829@arcas>
Subject: [jira] [Assigned] (CXF-5278) STS Renew returns incorrect lifetime
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394


     [ https://issues.apache.org/jira/browse/CXF-5278?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Colm O hEigeartaigh reassigned CXF-5278:
----------------------------------------

    Assignee: Colm O hEigeartaigh
    
> STS Renew returns incorrect lifetime
> ------------------------------------
>
>                 Key: CXF-5278
>                 URL: https://issues.apache.org/jira/browse/CXF-5278
>             Project: CXF
>          Issue Type: Bug
>          Components: STS
>    Affects Versions: 2.7.6
>            Reporter: Ethan Wallwork
>            Assignee: Colm O hEigeartaigh
>
> SAMLTokenRenewer#renewToken sets the lifetime attribute of the TokenRenwerResponse to the difference between the NotBefore and NotOnOrAfter attributes of the SAML assertion conditions.  Later the TokenRenewOperation#createREsponse method creates a Lifetime using the current timestamp as the Created value and the current timestamp plus the previously calculated difference as the Expires.
> In cases where the NotBefore of the SAML assertion conditions is not the current time this results in an incorrect lifetime in the response from the renew operation.  For example, if the NotBefore is a few minutes in the past to work around systems with clock differences then the lifetime in the response will claim the token expires a few minutes before it actually does.  
> This seems to cause issues with caching of tokens on the client side (STSClient) as the token will be cached for a period shorter than it should be.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira