Correction: The Validator package name is incorrect (package names have changed on trunk) - remove the "dom" part of the package name.
Colm. On Thu, Oct 18, 2012 at 10:44 AM, Colm O hEigeartaigh <[email protected]>wrote: > Hi, > > "ws-security.timestamp.futureTimeToLive" only applies to the Timestamp > itself, not the SAML Token. Currently there is no way to specify the Future > TTL setting for the SamlAssertionValidator in configuration. > > However, you can do this by just setting the value in a > SamlAssertionValidator instance, and then configuring that on the endpoint. > For example: > > <bean id="validator" > class="org.apache.ws.security.dom.validate.SamlAssertionValidator"> > <property name="futureTTL" value="600" /> > </bean> > > and then set the JAX-WS property on the endpoint: > > <entry key="ws-security.saml2.validator" value-ref="validator"/> > > Colm. > > On Wed, Oct 17, 2012 at 9:12 PM, DTaylor <[email protected]> wrote: > >> Hey all, >> >> Sorry to bring this up again after having left it for a few months but >> we've >> upgraded to CXF 2.6.2 and finally re-tested this. >> >> Our service configuration is attached (not the full file, just the >> endpoint >> config), and we still fail with a general SAML token security failure >> error. >> >> I believe that setting ws-security.timestamp.futureTimeToLive to 600 >> should >> indicate to the service that if the token is within 10 minutes into the >> future, it should still be accepted. Is this the case? >> >> Thanks, >> >> Dan >> >> serviceConfig.xml >> <http://cxf.547215.n5.nabble.com/file/n5716884/serviceConfig.xml> >> >> >> >> -- >> View this message in context: >> http://cxf.547215.n5.nabble.com/futureTimeToLive-on-Service-Endpoints-tp5712429p5716884.html >> Sent from the cxf-user mailing list archive at Nabble.com. >> > > > > -- > Colm O hEigeartaigh > > Talend Community Coder > http://coders.talend.com > > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
