[ https://issues.apache.org/jira/browse/FEDIZ-82?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14970823#comment-14970823 ]
Jan Bernhardt commented on FEDIZ-82:
------------------------------------

Hi Filip,

Turning the cache off would cause new problems. How can the IDP request a new SAML token from the STS when the user wants to log in to a second application? The IDP does not store the username/password from the user. In some cases username/password is not even used (e.g. Kerberos authentication).

> Unwanted reuse of OnBehalfOf assertions
> ---------------------------------------
>
> Key: FEDIZ-82
> URL: https://issues.apache.org/jira/browse/FEDIZ-82
> Project: CXF-Fediz
> Issue Type: Wish
> Components: IDP
> Affects Versions: 1.1.0
> Reporter: Filip Höfer
> Priority: Minor
> Original Estimate: 24h
> Remaining Estimate: 24h
>
> It would be useful to have the option to force the Fediz IdP to always
> request a new OnBehalfOf assertion instead of reusing an old one that was
> previously issued for the current browser session. The reuse can cause
> problems when validating the OnBehalfOf assertions via an external system.
> The cached OnBehalfOf assertions may be invalid at the time of their re-use.
> Turning the cache off would be the easiest solution.