[
https://issues.apache.org/jira/browse/CXF-5279?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13766546#comment-13766546
]
Colm O hEigeartaigh commented on CXF-5279:
------------------------------------------
I'm disinclined to fix this issue for the moment. The working assumption is
that the EHCacheTokenStore only stores valid tokens. If this behaviour were to
change it might have an impact on existing code. If you need to support this
behaviour I suggest plugging in your own TokenStore implementation instead.
Colm.
> STSClient may not be caching tokens long enough when renewal after expiry is
> allowed
> ------------------------------------------------------------------------------------
>
> Key: CXF-5279
> URL: https://issues.apache.org/jira/browse/CXF-5279
> Project: CXF
> Issue Type: Bug
> Components: STS
> Affects Versions: 2.7.6
> Reporter: Ethan Wallwork
>
> It seems that the STSClient caches tokens only for the duration where they
> were valid which prevents renewals after expiry.
> In cases where renewal after expiry is allowed it is possible to renew a
> token after this time. The EHCacheTokenStore calculates the TTL based on the
> Lifetime reported in the STS response, which in turn is calculated from the
> conditions on the SAML assertion. The token will expire from the cache when
> the time is up, and this the STSClient can't use it to issue a renew request
> even if the STS allows renewals after expiry.
> Testing this was a bit tricky because it is based on caching and timeouts but
> I'm reasonably sure this is what's going on.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
