[FEDIZ-140] IDP caches outdated SAML Tokens - ASF JIRA

Attach files

Attach Screenshot

Voters

Watch issue

Watchers

Create sub-task

Link

Clone

Update Comment Author

Replace String in Comment

Update Comment Visibility

Delete Comments

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 1.2.1
Fix Version/s: 1.3.0, 1.2.2
Component/s: IDP
Labels:
None

Description

I did some tests today with a SAML SSO trusted IDP. During these tests I've noticed that the Fediz-IDP will only redirect me once to the trusted 3rd party IDP for login. Then it caches my (3rd party) SAML token even if the token is not valid because the lifetime of that token ended. The result is, that I see an error page at the IDP, instead of getting redirected back again to my 3rd party IDP.

I see two solutions for this issue.
Option 1: Provide a "disable" option on the Fediz IDP to ignore lifetime of cached tokens.

Option 2: Redirect back to 3rd Party IDP if cached token is not valid any longer.

I think it would be good if both options could be provided within Fediz, leaving the choice to the user, depending on their use case.

A current workaround is to disable token caching in the IDP.

Attachments

Activity

Comment

This comment will be Viewable by All Users Viewable by All Users

Cancel

People

Assignee:: Colm O hEigeartaigh

Reporter:: Jan Bernhardt

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 18/Dec/15 17:46

Updated:: 17/Feb/16 10:36

Resolved:: 12/Jan/16 15:48

Agile

View on Board

IDP caches outdated SAML Tokens

Details

Description

Attachments

Attachments

Activity

People

Dates

Agile

Slack

Issue deployment