gonzalad created FEDIZ-214:
------------------------------
Summary: OIDC generated already expired id_token
Key: FEDIZ-214
URL: https://issues.apache.org/jira/browse/FEDIZ-214
Project: CXF-Fediz
Issue Type: Bug
Components: OIDC
Affects Versions: 1.4.2
Reporter: gonzalad
Priority: Minor
Fix For: 1.4.3
id_token expiry claim was is computed from SAML token expiry.
Since SAML token is generated once per OIDC httpSession
and can be reused for generating multiple id_token, there can be cases
where the id_token is generated with an already expired claim.
id_token expiry claim should be computed at id_token generation time.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
