Uploaded image for project: 'CXF-Fediz'
  1. CXF-Fediz
  2. FEDIZ-104

Configurable (fediz_config.xml) token expiration validation

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.1.2
    • Fix Version/s: 1.2.2
    • Component/s: Plugin
    • Labels:
      None

      Description

      It should be configurable within the fediz-config.xml to disable the token validation (should be enabled by default).

      If for example a SAML token lifetime is over, the fediz plugin should redirect the user to its IDP to request a new SAML token. A valid SAML token could be required at the application to invoke further web services.

      Ideally the user session shall not be terminated within the fediz plugin, but should remain active, in case that the user receives a new and valid token, so that he/she can continue with their work (session) at the application.

      However if the token is only needed for the login authentication and is not required later on, it should be possible to disable token validation, so that the lifetime for the "login"-token can be optimized for the login process only.

        Issue Links

          Activity

          There are no comments yet on this issue.

            People

            • Assignee:
              coheigea Colm O hEigeartaigh
              Reporter:
              jan4talend Jan Bernhardt
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development