Thopap opened a new pull request #455: CXF-7864: Fix issue if lifetime only specify expired without created URL: https://github.com/apache/cxf/pull/455 WS-trust define that a `/wst:RequestSecurityToken/wst:Lifetime` can be specified with only having `wsu:Expires`. In that case the creationTime shall be set to the current time. CXF simply ignore the lifetime if either expires or created is not present. I have fixed the behavior and provide a unit test for it. I have to also modify test `testSaml2NoExpires` because it fails after my changes, because the creationTime was too fare in the future. The "old" implementation just ignore the creationTime, which was wrong. If my change is acceptable, could you please also merge the fix to 3.2-branch. Thank you.
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services
