cxf-issues mailing list archives

From "Jan Bernhardt (JIRA)" <>
Subject [jira] [Created] (FEDIZ-140) IDP caches outdated SAML Tokens
Date Fri, 18 Dec 2015 17:47:46 GMT
Jan Bernhardt created FEDIZ-140:

             Summary: IDP caches outdated SAML Tokens
                 Key: FEDIZ-140
             Project: CXF-Fediz
          Issue Type: Bug
          Components: IDP
    Affects Versions: 1.2.1
            Reporter: Jan Bernhardt

I did some tests today with a SAML SSO trusted IDP. During these tests I've noticed that the
Fediz-IDP will only redirect me once to the trusted 3rd party IDP for login. Then it caches
my (3rd party) SAML token even if the token is not valid because the lifetime of that token
ended. The result is that I see an error page at the IDP, instead of getting redirected back
again to my 3rd party IDP.

I see two solutions for this issue.
Option 1: Provide a "disable" option on the Fediz IDP to ignore the lifetime of cached tokens.

Option 2: Redirect back to the 3rd party IDP if the cached token is no longer valid.

I think it would be good if both options could be provided within Fediz, leaving the choice
to the user, depending on their use case.

A current workaround is to disable token caching in the IDP.

This message was sent by Atlassian JIRA
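The lifetime check the report asks for, as an added example (Python, not Fediz code; the issuer URL, assertion ID, session ids and timestamps are constructed): a per-session cache of trusted-IdP tokens that enforces the assertion's Conditions window before reuse and otherwise evicts the token and redirects (Option 2), with a switch that reproduces Option 1.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion from a trusted 3rd party IdP (hypothetical
# issuer and ID); only the Conditions lifetime matters for this example.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed-1" Version="2.0" IssueInstant="2015-12-18T17:00:00Z">
  <saml:Issuer>https://trusted-idp.example/</saml:Issuer>
  <saml:Conditions NotBefore="2015-12-18T17:00:00Z" NotOnOrAfter="2015-12-18T18:00:00Z"/>
</saml:Assertion>"""


def parse_utc(ts):
    """SAML dateTime values are UTC 'Z' timestamps; fractional seconds are optional."""
    fmt = "%Y-%m-%dT%H:%M:%S.%fZ" if "." in ts else "%Y-%m-%dT%H:%M:%SZ"
    return datetime.strptime(ts, fmt).replace(tzinfo=timezone.utc)


def assertion_lifetime(assertion_xml):
    """Return (NotBefore, NotOnOrAfter) taken from the assertion's Conditions element."""
    cond = ET.fromstring(assertion_xml).find("saml:Conditions", SAML_NS)
    if cond is None or "NotOnOrAfter" not in cond.attrib:
        raise ValueError("assertion carries no usable lifetime; refuse to cache it")
    nb = cond.get("NotBefore")
    not_before = parse_utc(nb) if nb else datetime.min.replace(tzinfo=timezone.utc)
    return not_before, parse_utc(cond.get("NotOnOrAfter"))


class TrustedIdpTokenCache:
    """Per-session cache of tokens obtained from a trusted 3rd party IdP."""

    def __init__(self, ignore_lifetime=False):
        # Option 1 from the report: an explicit switch to ignore the lifetime of
        # cached tokens. The safe default enforces it.
        self.ignore_lifetime = ignore_lifetime
        self._tokens = {}

    def store(self, session_id, assertion_xml):
        self._tokens[session_id] = (assertion_xml, assertion_lifetime(assertion_xml))

    def lookup(self, session_id, now):
        """Return ('reuse', token) for a valid cached token, else ('redirect', None)."""
        entry = self._tokens.get(session_id)
        if entry is None:
            return ("redirect", None)  # nothing cached yet: send the user to the trusted IdP
        token, (not_before, not_on_or_after) = entry
        if not self.ignore_lifetime and not (not_before <= now < not_on_or_after):
            # Option 2: evict the stale token and redirect again instead of showing an error
            del self._tokens[session_id]
            return ("redirect", None)
        return ("reuse", token)
```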
