Hi,

> This test seems to work - but I'm unclear - by the comment:
> >> The service endpoint must contact the STS to validate the received SCT
> org.apache.cxf.systest.sts.secure_conv.SecureConversationTest

SecureConversation is supported in two ways in CXF. The first is where the
STS is created by a service endpoint + co-located with it. The STS in
question is a kind of mock STS that just supports simple issuing of tokens.

The second is that you can instead use the full power of the CXF STS to
issue tokens via SecureConversation. This is not as efficient as the first
method, as it is not co-located with the service endpoint. This means that
when the service gets the secured request, it needs to call out to the STS
to ask it if the received SecurityContextToken is actually valid or not (+
to retrieve the associated secret). The first method does not have this
problem as the STS is co-located with the service endpoint.

> Seems SCT are not being renewed correctly ?

Renew is not supported for SecurityContextTokens (in either the co-located
or full STS). However, I've just merged a fix that makes the client call
out to "Issue" if "Renew" fails. Does this meet your requirements? If not,
the CXF STS allows you to plug in custom implementations to handle
renewing tokens.

Colm.

On Mon, Jul 7, 2014 at 11:53 PM, Frank Misa <[email protected]> wrote:

> Hi,
> I'm struggling to get a client to renew SCT in a (SAML1.1 + SCT) scenario.
> Very little documentation or test examples on this.
>
> Using the current CXF trunk codebase - I've modified some tests to
> delay/expire security token between calls.
>
> This test seems to work - but I'm unclear - by the comment:
> >> The service endpoint must contact the STS to validate the received SCT
> org.apache.cxf.systest.sts.secure_conv.SecureConversationTest
>
> This test, however, fails - in a very similar fashion - to my more
> complicated (SAML1.1 + SCT) case:
> org.apache.cxf.systest.wssec.examples.secconv.SecureConversationTest
>
> I've modified the test:
> @org.junit.Test
> public void testSecureConversation() throws Exception {
>     ...
>     samlPort.doubleIt(25);
>
>     delay(5); //delay 5 minutes
>
>     samlPort.doubleIt(50);
>     ...
> }
>
> Seems SCT are not being renewed correctly ?
>
> Question:
> * Shouldn't the above test - renew SCT if tokens expired between calls ?
> * Are there any tests or documentation on SCT renewal in a (SAML1.1 + SCT)
> scenario ?
>
> Hope to hear from someone.
>
> Thanks
> Frank
>
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/CXF-SecureConversationTest-Fails-to-renew-SCT-no-examples-or-tests-tp5746139.html
> Sent from the cxf-dev mailing list archive at Nabble.com.
>

--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
