[
https://issues.apache.org/jira/browse/CXF-5278?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Colm O hEigeartaigh updated CXF-5278:
-------------------------------------
Fix Version/s: 2.6.10
> STS Renew returns incorrect lifetime
> ------------------------------------
>
> Key: CXF-5278
> URL: https://issues.apache.org/jira/browse/CXF-5278
> Project: CXF
> Issue Type: Bug
> Components: STS
> Affects Versions: 2.7.6
> Reporter: Ethan Wallwork
> Assignee: Colm O hEigeartaigh
> Fix For: 2.6.10, 2.7.7
>
>
> SAMLTokenRenewer#renewToken sets the lifetime attribute of the
> TokenRenwerResponse to the difference between the NotBefore and NotOnOrAfter
> attributes of the SAML assertion conditions. Later the
> TokenRenewOperation#createREsponse method creates a Lifetime using the
> current timestamp as the Created value and the current timestamp plus the
> previously calculated difference as the Expires.
> In cases where the NotBefore of the SAML assertion conditions is not the
> current time this results in an incorrect lifetime in the response from the
> renew operation. For example, if the NotBefore is a few minutes in the past
> to work around systems with clock differences then the lifetime in the
> response will claim the token expires a few minutes before it actually does.
> This seems to cause issues with caching of tokens on the client side
> (STSClient) as the token will be cached for a period shorter than it should
> be.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
