Hi Glen,

Currently I'm using a CXF web service client, with an STS client configured. The actual STS is a .NET STS on another system, with a Java CXF web service on a third.

If the STS and service are inside our network, with no time drift, the configuration works fine. Once we put them on the deployment systems and the time drifts, there are issues. The client was originally not accepting the incoming token from the STS due to the time drift (the STS is ~2 min ahead of the client and service hosts).

I added the "ws-security.timestamp.futureTimeToLive" property with a value of 6 minutes to the client configuration and the client began to accept the incoming token and call the service with it. I tried adding the same under the jaxws:properties portion of the endpoint definition and the call is refused with a "General security error (SAML token security failure)" message.

Dan.

--
View this message in context: http://cxf.547215.n5.nabble.com/futureTimeToLive-on-Service-Endpoints-tp5712429p5712435.html
Sent from the cxf-user mailing list archive at Nabble.com.
