[ https://issues.apache.org/jira/browse/FEDIZ-140?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Colm O hEigeartaigh reassigned FEDIZ-140:
-----------------------------------------

    Assignee: Colm O hEigeartaigh

> IDP caches outdated SAML Tokens
> -------------------------------
>
>                 Key: FEDIZ-140
>                 URL: https://issues.apache.org/jira/browse/FEDIZ-140
>             Project: CXF-Fediz
>          Issue Type: Bug
>          Components: IDP
>    Affects Versions: 1.2.1
>            Reporter: Jan Bernhardt
>            Assignee: Colm O hEigeartaigh
>             Fix For: 1.3.0, 1.2.2
>
>
> I did some tests today with a SAML SSO trusted IDP. During these tests I've
> noticed that the Fediz-IDP will only redirect me once to the trusted 3rd
> party IDP for login. Then it caches my (3rd party) SAML token even if the
> token is not valid because the lifetime of that token ended. The result is
> that I see an error page at the IDP instead of getting redirected back again
> to my 3rd party IDP.
> I see two solutions for this issue.
> Option 1: Provide a "disable" option on the Fediz IDP to ignore lifetime of
> cached tokens.
> Option 2: Redirect back to 3rd Party IDP if cached token is not valid any
> longer.
> I think it would be good if both options could be provided within Fediz,
> leaving the choice to the user, depending on their use case.
> A current workaround is to disable token caching in the IDP.

--
This message was sent by Atlassian JIRA (v6.3.4#6332)
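
An added example, not part of the JIRA message and not Fediz code: one way to implement the check behind Option 2, reading the `Conditions` lifetime of a cached SAML 2.0 assertion before reuse and otherwise sending the user back to the trusted IDP. The class, method and enum names, the clock-skew allowance and the sample assertion are constructed for illustration.

```java
import java.io.StringReader;
import java.time.Duration;
import java.time.Instant;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

public class CachedTokenCheck {
    enum Decision { REUSE_CACHED_TOKEN, REDIRECT_TO_TRUSTED_IDP }
    static final String SAML2_NS = "urn:oasis:names:tc:SAML:2.0:assertion";

    // Decide whether a cached assertion may still be used at time `now`.
    // Assumption: the signature was validated when the token was first received;
    // only the lifetime is re-checked here. Anything doubtful fails closed.
    static Decision decide(String assertionXml, Instant now, Duration skew) {
        try {
            DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
            f.setNamespaceAware(true);
            // Refuse DOCTYPE declarations so the token cannot trigger XXE.
            f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
            NodeList conds = f.newDocumentBuilder()
                    .parse(new InputSource(new StringReader(assertionXml)))
                    .getElementsByTagNameNS(SAML2_NS, "Conditions");
            if (conds.getLength() != 1) {
                return Decision.REDIRECT_TO_TRUSTED_IDP; // no usable lifetime
            }
            Element c = (Element) conds.item(0);
            String notBefore = c.getAttribute("NotBefore");       // "" if absent
            String notOnOrAfter = c.getAttribute("NotOnOrAfter"); // "" if absent
            boolean expired = notOnOrAfter.isEmpty()
                    || !now.isBefore(Instant.parse(notOnOrAfter).plus(skew));
            boolean notYetValid = !notBefore.isEmpty()
                    && now.isBefore(Instant.parse(notBefore).minus(skew));
            return (expired || notYetValid)
                    ? Decision.REDIRECT_TO_TRUSTED_IDP : Decision.REUSE_CACHED_TOKEN;
        } catch (Exception e) {
            return Decision.REDIRECT_TO_TRUSTED_IDP; // unparsable token or timestamp
        }
    }

    public static void main(String[] args) {
        // Constructed sample assertion with a five-minute lifetime.
        String token = "<saml2:Assertion xmlns:saml2=\"" + SAML2_NS + "\"><saml2:Conditions"
                + " NotBefore=\"2015-01-01T10:00:00Z\" NotOnOrAfter=\"2015-01-01T10:05:00Z\"/>"
                + "</saml2:Assertion>";
        Duration skew = Duration.ofSeconds(5);
        System.out.println(decide(token, Instant.parse("2015-01-01T10:02:00Z"), skew));
        System.out.println(decide(token, Instant.parse("2015-01-01T11:00:00Z"), skew));
    }
}
```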