In addition to the above confusion on Lifetime versus NotOnOrAfter, I want to
force my STSClient to do a issue on a expired token since our STS is not
setup to do renew at this time.
My thought was that the below CXF renewToken code would execute a issue if I
set the STSClient property allowRenewingAfterExpiry to a value of false:
// If the user has explicitly disabled Renewing then we can't
renew a token,
// so just get a new one
STSClient client = STSUtils.getClient(message, "sts", itok);
if (!client.isAllowRenewing()) {
return issueToken(message, aim, itok);
}
But it does not seem to be doing this.
--
View this message in context:
http://cxf.547215.n5.nabble.com/Clarification-of-CXF-client-handling-of-expired-cached-tokens-tp5743216p5743264.html
Sent from the cxf-user mailing list archive at Nabble.com.
