[ https://issues.apache.org/jira/browse/FEDIZ-82?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14970823#comment-14970823 ]
Jan Bernhardt commented on FEDIZ-82:
------------------------------------
Hi Filip,
turning the cache off would cause new problems. How can the IDP request a new
SAML token from the STS when the user wants to log in to a second application?
The IDP does not store the username/password from the user. In some cases
username/password is not even used (e.g. Kerberos authentication).
> Unwanted reuse of OnBehalfOf assertions
> ---------------------------------------
>
> Key: FEDIZ-82
> URL: https://issues.apache.org/jira/browse/FEDIZ-82
> Project: CXF-Fediz
> Issue Type: Wish
> Components: IDP
> Affects Versions: 1.1.0
> Reporter: Filip Höfer
> Priority: Minor
> Original Estimate: 24h
> Remaining Estimate: 24h
>
> It would be useful to have the option to force the Fediz IdP to always
> request a new OnBehalfOf assertion instead of reusing an old one that was
> previously issued for the current browser session. The reuse can cause
> problems when validating the OnBehalfOf assertions via an external system.
> The cached OnBehalfOf assertions may be invalid at the time of their re-use.
> Turning the cache off would be the easiest solution.