Yes, I saw that, but it is a ReceivedToken at that point, so unless I unmarshal it I can't get at the NotOnOrAfter time. Instead, I found that I could modify the conditions in my SAMLCustomHandler, which unmarshals the ActAs token in order to stick it in Advice. That seemed preferable to unmarshalling it twice.
Thanx,
Stephen W. Chappell

-----Original Message-----
From: Colm O hEigeartaigh [mailto:[email protected]]
Sent: Monday, November 02, 2015 10:33 AM
To: [email protected]
Subject: Re: NotOnOrAfter in SAML Tokens with Advice

You can access the incoming "ActAs" token via "providerParameters.getTokenRequirements().getActAs()" in your ConditionsProvider implementation - that's probably the only way to do it.

Colm.

On Tue, Oct 27, 2015 at 4:27 PM, <[email protected]> wrote:

> In our SAML profile, a SAML token issued with Advice should have a
> NotOnOrAfter condition that does not come after the Advice token's
> NotOnOrAfter condition. But apparently, the CXF STS (2.7.14) doesn't
> consider Advice conditions when issuing a new token? If it doesn't I
> can add that capability in a custom ConditionsProvider, but in looking
> things over it's not really obvious how I can retrieve that condition
> from either the Advice token or from the ActAs in the request from
> there. I'm sure there's an easy-ish way to do this that I am missing,
> if someone can point me in the right direction I'd appreciate it.
>
> Stephen W. Chappell
>

--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
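The rule discussed in this thread (the issued token's NotOnOrAfter must not come after that of the ActAs/Advice token), as an added example that is not code from the thread or from CXF. It uses only the JDK and assumes the ActAs token is already available as the DOM element of a SAML 2.0 assertion; the class and method names are hypothetical.

```java
import java.io.StringReader;
import java.time.Duration;
import java.time.Instant;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.xml.sax.InputSource;

public class ClampNotOnOrAfter {                        // hypothetical name
    static final String SAML2_NS = "urn:oasis:names:tc:SAML:2.0:assertion";

    /** NotOnOrAfter of the assertion's own Conditions: direct children only,
     *  so Conditions of assertions nested inside its Advice are ignored. */
    static Instant notOnOrAfter(Element assertion) {
        for (Node n = assertion.getFirstChild(); n != null; n = n.getNextSibling()) {
            if (n instanceof Element && SAML2_NS.equals(n.getNamespaceURI())
                    && "Conditions".equals(n.getLocalName())) {
                String v = ((Element) n).getAttribute("NotOnOrAfter");
                return v.isEmpty() ? null : Instant.parse(v);
            }
        }
        return null;                                    // no Conditions element
    }

    /** Expiry for the new token: default lifetime, capped by the ActAs expiry. */
    static Instant clampedExpiry(Element actAs, Instant now, Duration defaultLifetime) {
        Instant limit = notOnOrAfter(actAs);
        Instant wanted = now.plus(defaultLifetime);
        if (limit == null) return wanted;               // nothing to clamp against
        if (!limit.isAfter(now))                        // never issue from an expired token
            throw new IllegalStateException("ActAs token already expired");
        return wanted.isAfter(limit) ? limit : wanted;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample assertion, not taken from the thread.
        String xml = "<saml2:Assertion xmlns:saml2=\"" + SAML2_NS + "\" ID=\"_a1\""
            + " Version=\"2.0\" IssueInstant=\"2015-11-02T15:00:00Z\">"
            + "<saml2:Conditions NotBefore=\"2015-11-02T15:00:00Z\""
            + " NotOnOrAfter=\"2015-11-02T15:20:00Z\"/></saml2:Assertion>";
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Element actAs = f.newDocumentBuilder()
            .parse(new InputSource(new StringReader(xml))).getDocumentElement();
        Instant now = Instant.parse("2015-11-02T15:10:00Z");
        // The default 30-minute lifetime is capped at the ActAs token's expiry.
        System.out.println(clampedExpiry(actAs, now, Duration.ofMinutes(30)));
    }
}
```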
