Description
The Created element of the RSTR lifetime element is set to the current time. Therefore, it doesn't match with the condition element in the SAML token.
CXF-3931 added support for lifetime element in RST in DefaultConditionsProvider.
It's the decision of the STS from when till when a token is valid. This logic is in the DefaultConditionsProvider in case of SAML. The information put into the Condition element can't be set on the lifetime element of the RSTR because:
- TokenProviderResponse only provides the method (no from, till semantic)
public long getLifetime()
- If lifetime is below 5 minutes, the RSTR lifetime element is set to 5 minutes:
protected static LifetimeType createLifetime(long lifetime) {
...
Date creationTime = new Date();
Date expirationTime = new Date();
if (lifetime <= 0)
Attachments
Issue Links
- is related to
-
CXF-5278 STS Renew returns incorrect lifetime
- Closed