More of a Colm-question (he won't be in until tomorrow morning Ireland time), but I wonder if the correct property for the web service provider is "timeToLive" (http://cxf.apache.org/docs/ws-securitypolicy.html#WS-SecurityPolicy-NonbooleanWSSecurityConfigurationparameters); if so, due to https://issues.apache.org/jira/browse/CXF-4434, it probably won't be working in CXF until our next release (should be within the next couple of weeks).

Glen

On 08/13/2012 03:14 PM, DTaylor wrote:
Hi Glen,

Currently I'm using a CXF web service client, with an STS client configured.
The actual STS is a .NET STS on another system, with a Java CXF web service
on a third.

If the STS and service are inside our network, with no time drift, the
configuration works fine.  Once we put them on the deployment systems and
the time drifts, there are issues.

The client was originally not accepting the incoming token from the STS due
to the time drift (the STS is ~2 min ahead of the client and service hosts).
I added the "ws-security.timestamp.futureTimeToLive" property with a value
of 6 minutes to the client configuration and the client began to accept the
incoming token and call to the service with it.  I tried adding the same
under the jaxws:properties portion of the endpoint definition and the call
is refused with a "General security error (SAML token security failure)"
message.

Dan.




--
View this message in context: 
http://cxf.547215.n5.nabble.com/futureTimeToLive-on-Service-Endpoints-tp5712429p5712435.html
Sent from the cxf-user mailing list archive at Nabble.com.
