Jan Bernhardt created FEDIZ-104:
-----------------------------------
Summary: Configurable (fediz_config.xml) token expiration validation
Key: FEDIZ-104
URL: https://issues.apache.org/jira/browse/FEDIZ-104
Project: CXF-Fediz
Issue Type: Improvement
Components: Plugin
Affects Versions: 1.1.2
Reporter: Jan Bernhardt
Assignee: Jan Bernhardt
Fix For: 1.2.0

It should be configurable within the fediz-config.xml to disable the token
validation (should be enabled by default).

If, for example, a SAML token lifetime is over, the fediz plugin should redirect
the user to their IDP to request a new SAML token. A valid SAML token could be
required at the application to invoke further web services.

Ideally the user session shall not be terminated within the fediz plugin, but
should remain active in case the user receives a new and valid token, so
that he/she can continue with their work (session) at the application.

However, if the token is only needed for the login authentication and is not
required later on, it should be possible to disable token validation, so that
the lifetime for the "login"-token can be optimized for the login process only.