[
https://issues.apache.org/jira/browse/FEDIZ-104?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jan Bernhardt reassigned FEDIZ-104:
-----------------------------------
Assignee: (was: Jan Bernhardt)
> Configurable (fediz_config.xml) token expiration validation
> -----------------------------------------------------------
>
> Key: FEDIZ-104
> URL: https://issues.apache.org/jira/browse/FEDIZ-104
> Project: CXF-Fediz
> Issue Type: Improvement
> Components: Plugin
> Affects Versions: 1.1.2
> Reporter: Jan Bernhardt
> Fix For: 1.2.1
>
>
> It should be configurable within the fediz-config.xml to disable the token
> validation (should be enabled by default).
> If for example a SAML token lifetime is over, the fediz plugin should
> redirect the user to its IDP to request a new SAML token. A valid SAML token
> could be required at the application to invoke further web services.
> Ideally the user session shall not be terminated within the fediz plugin, but
> should remain active, in case that the user receives a new and valid token,
> so that he/she can continue with their work (session) at the application.
> However if the token is only needed for the login authentication and is not
> required later on, it should be possible to disable token validation, so that
> the lifetime for the "login"-token can be optimized for the login process
> only.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
