[FEDIZ-104] Configurable (fediz_config.xml) token expiration validation - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 1.1.2
Fix Version/s: 1.2.2
Component/s: Plugin
Labels:
None

Description

It should be configurable within the fediz-config.xml to disable the token validation (should be enabled by default).

If for example a SAML token lifetime is over, the fediz plugin should redirect the user to its IDP to request a new SAML token. A valid SAML token could be required at the application to invoke further web services.

Ideally the user session shall not be terminated within the fediz plugin, but should remain active, in case that the user receives a new and valid token, so that he/she can continue with their work (session) at the application.

However if the token is only needed for the login authentication and is not required later on, it should be possible to disable token validation, so that the lifetime for the "login"-token can be optimized for the login process only.

Attachments

Issue Links

is related to

FEDIZ-66 Tomcat configurable token expiration validation

Closed

Sub-Tasks

1.	Websphere plugin support for configurable token validation	Closed	Jan Bernhardt
2.	Spring plugin support for configurable token validation	Closed	Colm O hEigeartaigh
3.	CXF plugin support for configurable token validation	Closed	Colm O hEigeartaigh
4.	Jetty plugin support for configurable token validation	Closed	Colm O hEigeartaigh
5.	Tomcat plugin support for configurable token validation	Closed	Jan Bernhardt
6.	Update Plugin Configuration Documentation	Closed	Colm O hEigeartaigh

Activity

People

Assignee:: Colm O hEigeartaigh

Reporter:: Jan Bernhardt

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 19/Mar/15 12:27

Updated:: 17/Feb/16 10:36

Resolved:: 06/Oct/15 15:21