[jira] [Commented] (CXF-7864) STS: Expires lifetime is ignored if no lifetime created was specified

Fri, 05 Oct 2018 00:23:14 -0700 


    [ 
https://issues.apache.org/jira/browse/CXF-7864?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16639377#comment-16639377
 ] 

ASF GitHub Bot commented on CXF-7864:
-------------------------------------

Thopap opened a new pull request #455: CXF-7864: Fix issue if lifetime only 
specify expired without created
URL: https://github.com/apache/cxf/pull/455
 
 
   WS-trust define that a `/wst:RequestSecurityToken/wst:Lifetime` can be 
specified with only having `wsu:Expires`. In that case the creationTime shall 
be set to the current time. CXF simply ignore the lifetime if either expires or 
created is not present.
   
   I have fixed the behavior and provide a unit test for it. I have to also 
modify test `testSaml2NoExpires` because it fails after my changes, because the 
creationTime was too fare in the future. The "old" implementation just ignore 
the creationTime, which was wrong.
   
   If my change is acceptable, could you please also merge the fix to 
3.2-branch. Thank you.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
[email protected]


> STS: Expires lifetime is ignored if no lifetime created was specified
> ---------------------------------------------------------------------
>
>                 Key: CXF-7864
>                 URL: https://issues.apache.org/jira/browse/CXF-7864
>             Project: CXF
>          Issue Type: Bug
>          Components: STS
>    Affects Versions: 3.2.6
>            Reporter: Thomas Papke
>            Priority: Major
>
> WS-trust define that a `/wst:RequestSecurityToken/wst:Lifetime` can be 
> specified with only having `wsu:Expires`. In that case the creationTime shall 
> be set to the current time. CXF simply ignore the lifetime if either expires 
> or created is not present. (The same also for the other direction - lifetime 
> can be also specified without expires, which is ignored as well)



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to