cxf-issues mailing list archives

From "Jan Bernhardt (JIRA)" <j...@apache.org>
Subject [jira] [Created] (FEDIZ-104) Configurable (fediz_config.xml) token expiration validation
Date Thu, 19 Mar 2015 12:28:38 GMT
Jan Bernhardt created FEDIZ-104:
-----------------------------------

             Summary: Configurable (fediz_config.xml) token expiration validation
                 Key: FEDIZ-104
                 URL: https://issues.apache.org/jira/browse/FEDIZ-104
             Project: CXF-Fediz
          Issue Type: Improvement
          Components: Plugin
    Affects Versions: 1.1.2
            Reporter: Jan Bernhardt
            Assignee: Jan Bernhardt
             Fix For: 1.2.0


It should be configurable within the fediz-config.xml to disable the token validation (should
be enabled by default).

If, for example, a SAML token lifetime is over, the fediz plugin should redirect the user to
its IDP to request a new SAML token. A valid SAML token could be required at the application
to invoke further web services.

Ideally the user session shall not be terminated within the fediz plugin, but should remain
active, in case that the user receives a new and valid token, so that he/she can continue
with their work (session) at the application.

However, if the token is only needed for the login authentication and is not required later
on, it should be possible to disable token validation, so that the lifetime for the "login"-token
can be optimized for the login process only.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
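
The per-request behaviour requested in this issue, as an added example that is not part of the original message or the Fediz code base: read the SAML 2.0 `NotOnOrAfter` condition from the token stored at login and decide whether to continue or send the user back to the IDP, without touching the session. The class name, the `validateExpiration` flag, the 30-second clock skew and the sample assertion are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.time.Duration;
import java.time.Instant;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;

public class TokenExpiryCheck {  // hypothetical name, not a Fediz class
    enum Action { CONTINUE, REDIRECT_TO_IDP }

    static final String SAML2_NS = "urn:oasis:names:tc:SAML:2.0:assertion";

    // Reads Conditions/@NotOnOrAfter; assumes the signature was already verified at login.
    static Instant notOnOrAfter(String assertionXml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Refuse DTDs so a stored token cannot pull in external entities.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Element root = f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(assertionXml.getBytes(StandardCharsets.UTF_8)))
                .getDocumentElement();
        Element cond = (Element) root.getElementsByTagNameNS(SAML2_NS, "Conditions").item(0);
        if (cond == null || !cond.hasAttribute("NotOnOrAfter")) {
            throw new IllegalArgumentException("assertion has no NotOnOrAfter condition");
        }
        return Instant.parse(cond.getAttribute("NotOnOrAfter"));  // SAML timestamps are UTC
    }

    // Per-request decision. The session is never invalidated here, so the user
    // can resume it once the IDP has issued a fresh token.
    static Action decide(boolean validateExpiration, Instant notOnOrAfter, Instant now, Duration skew) {
        if (!validateExpiration) return Action.CONTINUE;  // token was only needed for login
        return now.isBefore(notOnOrAfter.plus(skew)) ? Action.CONTINUE : Action.REDIRECT_TO_IDP;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample assertion, trimmed to the element this check reads.
        String xml = "<saml2:Assertion xmlns:saml2=\"" + SAML2_NS + "\">"
                + "<saml2:Conditions NotBefore=\"2015-03-19T12:00:00Z\""
                + " NotOnOrAfter=\"2015-03-19T12:05:00Z\"/></saml2:Assertion>";
        Instant expiry = notOnOrAfter(xml);
        Duration skew = Duration.ofSeconds(30);  // assumed tolerance
        Instant during = Instant.parse("2015-03-19T12:04:00Z");
        Instant after = Instant.parse("2015-03-19T12:10:00Z");
        System.out.println("validation on, token live:     " + decide(true, expiry, during, skew));
        System.out.println("validation on, token expired:  " + decide(true, expiry, after, skew));
        System.out.println("validation off, token expired: " + decide(false, expiry, after, skew));
    }
}
```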
