Hi,
"ws-security.timestamp.futureTimeToLive" only applies to the Timestamp
itself, not the SAML Token. Currently there is no way to specify the Future
TTL setting for the SamlAssertionValidator in configuration.
However, you can do this by just setting the value in a
SamlAssertionValidator instance, and then configuring that on the endpoint.
For example:
<bean id="validator"
class="org.apache.ws.security.dom.validate.SamlAssertionValidator">
<property name="futureTTL" value="600" />
</bean>
and then set the JAX-WS property on the endpoint:
<entry key="ws-security.saml2.validator" value-ref="validator"/>
Colm.
On Wed, Oct 17, 2012 at 9:12 PM, DTaylor <[email protected]> wrote:
> Hey all,
>
> Sorry to bring this up again after having left it for a few months but
> we've
> upgraded to CXF 2.6.2 and finally re-tested this.
>
> Our service configuration is attached (not the full file, just the endpoint
> config), and we still fail with a general SAML token security failure
> error.
>
> I believe that setting ws-security.timestamp.futureTimeToLive to 600 should
> indicate to the service that if the token is within 10 minutes into the
> future, it should still be accepted. Is this the case?
>
> Thanks,
>
> Dan
>
> serviceConfig.xml
> <http://cxf.547215.n5.nabble.com/file/n5716884/serviceConfig.xml>
>
>
>
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/futureTimeToLive-on-Service-Endpoints-tp5712429p5716884.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
