From: "Colm O hEigeartaigh (JIRA)"
To: issues@cxf.apache.org
Reply-To: dev@cxf.apache.org
Date: Tue, 12 Jan 2016 15:48:39 +0000 (UTC)
Subject: [jira] [Resolved] (FEDIZ-140) IDP caches outdated SAML Tokens

[ https://issues.apache.org/jira/browse/FEDIZ-140?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Colm O hEigeartaigh resolved FEDIZ-140.
---------------------------------------
    Resolution: Fixed

> IDP caches outdated SAML Tokens
> -------------------------------
>
>                 Key: FEDIZ-140
>                 URL: https://issues.apache.org/jira/browse/FEDIZ-140
>             Project: CXF-Fediz
>          Issue Type: Bug
>          Components: IDP
>    Affects Versions: 1.2.1
>            Reporter: Jan Bernhardt
>            Assignee: Colm O hEigeartaigh
>             Fix For: 1.3.0, 1.2.2
>
>
> I did some tests today with a SAML SSO trusted IDP.
> During these tests I've noticed that the Fediz-IDP will only redirect me once to the trusted 3rd party IDP for login. Then it caches my (3rd party) SAML token even if the token is not valid because the lifetime of that token ended. The result is that I see an error page at the IDP, instead of getting redirected back again to my 3rd party IDP.
> I see two solutions for this issue.
> Option 1: Provide a "disable" option on the Fediz IDP to ignore lifetime of cached tokens.
> Option 2: Redirect back to 3rd Party IDP if cached token is not valid any longer.
> I think it would be good if both options could be provided within Fediz, leaving the choice to the user, depending on their use case.
> A current workaround is to disable token caching in the IDP.

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
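The cache behaviour the report asks for, as an added Python example that is not Fediz code: a hypothetical per-user cache of trusted-IdP assertions that reads the SAML `Conditions` window, serves a cached token only while it is still valid and otherwise signals a fresh redirect (option 2), with an `ignore_lifetime` switch for option 1. The assertion XML, user name and clock-skew value are constructed for the example.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed sample assertion: valid from 15:00 to 15:30 UTC on 2016-01-12.
SAMPLE_ASSERTION = f"""<saml:Assertion xmlns:saml="{SAML_NS}" ID="_constructed" Version="2.0">
  <saml:Issuer>https://trusted-idp.example/</saml:Issuer>
  <saml:Conditions NotBefore="2016-01-12T15:00:00Z" NotOnOrAfter="2016-01-12T15:30:00Z"/>
</saml:Assertion>"""


def parse_ts(value):
    """Parse a SAML xsd:dateTime ('...Z') into an aware UTC datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def parse_validity(assertion_xml):
    """Return (NotBefore, NotOnOrAfter) from the assertion's Conditions element."""
    cond = ET.fromstring(assertion_xml).find(f"{{{SAML_NS}}}Conditions")
    if cond is None or not cond.get("NotBefore") or not cond.get("NotOnOrAfter"):
        raise ValueError("assertion carries no usable Conditions window")
    return parse_ts(cond.get("NotBefore")), parse_ts(cond.get("NotOnOrAfter"))


class TrustedIdpTokenCache:
    """Hypothetical per-user cache for tokens issued by a trusted third-party IdP."""

    def __init__(self, ignore_lifetime=False, clock_skew=timedelta(seconds=30)):
        self.ignore_lifetime = ignore_lifetime  # option 1: reuse regardless of lifetime
        self.clock_skew = clock_skew            # tolerance for IdP/cache clock drift
        self._tokens = {}

    def put(self, user, assertion_xml):
        self._tokens[user] = (assertion_xml, *parse_validity(assertion_xml))

    def lookup(self, user, now):
        """Return ('cached', xml) for a usable token, or ('redirect', None) when the
        user has no token or it is outside its validity window (option 2)."""
        entry = self._tokens.get(user)
        if entry is None:
            return "redirect", None
        xml, not_before, not_on_or_after = entry
        if self.ignore_lifetime:
            return "cached", xml
        if now + self.clock_skew < not_before or now - self.clock_skew >= not_on_or_after:
            del self._tokens[user]  # evict instead of serving an error page later
            return "redirect", None
        return "cached", xml


def decide(now_iso, ignore_lifetime=False):
    """Cache the sample assertion for 'alice' and report the decision at now_iso."""
    cache = TrustedIdpTokenCache(ignore_lifetime=ignore_lifetime)
    cache.put("alice", SAMPLE_ASSERTION)
    return cache.lookup("alice", parse_ts(now_iso))[0]
```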