Hi,

On Wed, May 31, 2017 at 1:23 PM, Asela Pathberiya <[email protected]> wrote:

> On Wed, May 31, 2017 at 1:08 PM, Farasath Ahamed <[email protected]> wrote:
>
>> On Wed, May 31, 2017 at 12:28 PM, Thanuja Jayasinghe <[email protected]> wrote:
>>
>>> Hi Dinali,
>>>
>>> Consider the following calculation.
>>>
>>> expiry time = issuedTimeInMillis + validityPeriodMillis - (System.currentTimeMillis() - timestampSkew)
>>>
>>> So actually the token is valid for (validityPeriodMillis + timestampSkew)
>>> seconds. This additional time is added to avoid errors that occur due to
>>> time synchronization issues between servers.
>>>
>>> If your servers are perfectly synced then you can use a timestampSkew
>>> value of 0.
>>
>> If we do not have any reasoning behind this 300s value then shouldn't our
>> default value be 0 as Dinali has suggested?
>
> Yes. Best practice is to sync the servers' time properly. +1 keeping 0 as
> the default value.

We will fix this in IS 5.4.0. Created a Jira to track [1]

Thanks
Isura.

[1] https://wso2.org/jira/browse/IDENTITY-6033

>>> Thanks,
>>> Thanuja
>>>
>>> On Wed, May 31, 2017 at 12:01 PM, Dinali Dabarera <[email protected]> wrote:
>>>
>>>> Hi All,
>>>>
>>>> In our identity.xml the default timestampSkew value is set to 300
>>>> seconds. Shouldn't this be 0 seconds?
>>>>
>>>> Because when we are getting a token from the password grant type again and
>>>> again *without a time delay*, the expiry time of the token
>>>> increases beyond its accepted value because of this equation we are using.
>>>>
>>>> expiry time = issuedTimeInMillis + validityPeriodMillis - (System.currentTimeMillis() - timestampSkew);
>>>>
>>>> Since timestampSkew = 300 seconds, validityPeriodMillis = 3600 seconds,
>>>> therefore, expiry time = 3644 seconds, which cannot happen.
>>>>
>>>> Therefore, it is better to have the default timestampSkew value as 0
>>>> seconds in order to get correct results.
>>>>
>>>> Thanks!
>>>>
>>>> --
>>>> *Dinali Rosemin Dabarera*
>>>> Software Engineer
>>>> WSO2 Lanka (pvt) Ltd.
>>>
>>> --
>>> *Thanuja Lakmal*
>>> Associate Technical Lead
>>> WSO2 Inc.
>
> --
> Thanks & Regards,
> Asela

--
*Isura Dilhara Karunaratne*
Senior Software Engineer | WSO2
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
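The skew arithmetic discussed in this thread, as an added example that is not part of the original messages and is not WSO2 code: it applies the quoted formula on a validating node whose clock is offset from the issuer's, and compares a skew of 0 with 300 seconds. It assumes a node accepts the token while the formula's result is positive; the function names, the `clock_offset_s` parameter and all sample values are constructed for illustration.

```python
# Added illustration of the thread's formula; not WSO2 code. All values are constructed.

def remaining_ms(issued_ms, validity_ms, now_ms, skew_ms):
    """issuedTimeInMillis + validityPeriodMillis - (currentTimeMillis - timestampSkew)."""
    return issued_ms + validity_ms - (now_ms - skew_ms)


def is_active(issued_ms, validity_ms, now_ms, skew_ms):
    """Assumption: a node accepts the token while the formula's result is positive."""
    return remaining_ms(issued_ms, validity_ms, now_ms, skew_ms) > 0


def acceptance_window_s(validity_s, skew_s, clock_offset_s):
    """Real seconds after issuance during which a validating node accepts the token.

    clock_offset_s is how far the validating node's clock runs ahead (+) or
    behind (-) of the issuing node's clock (hypothetical parameter).
    """
    issued_ms = 1_496_217_600_000  # constructed issue time on the issuer's clock
    accepted = 0
    # Step through real time in 1 s ticks until the validating node rejects.
    while is_active(issued_ms, validity_s * 1000,
                    issued_ms + (accepted + clock_offset_s) * 1000, skew_s * 1000):
        accepted += 1
    return accepted


def report(validity_s=3600):
    """Acceptance window in seconds per (skew, validator clock offset) pair."""
    return {(skew, off): acceptance_window_s(validity_s, skew, off)
            for skew in (0, 300) for off in (-120, 0, 120)}


if __name__ == "__main__":
    for (skew, off), window in report().items():
        print(f"skew={skew:>3}s offset={off:>+4}s accepted for {window}s "
              f"(nominal 3600s, {window - 3600:+d}s)")
```

With a skew of 0, a validator whose clock runs 120 s ahead rejects the token 120 s early; with a skew of 300, every node in the sample accepts it past the nominal 3600 s, which is the trade-off behind the default being debated.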
