On Thu, Aug 31, 2017 at 11:22 AM, Francesco Chicchiriccò < [email protected]> wrote:
> > > About checking the Relay State expiration, the duration is currently set > to 5 seconds but I am afraid it is not curerntly verified during the > response validation. > 5 seconds seems a bit unreasonable, the user may have to type in a username + password at the IdP! We could just do something similar to the code in JWTAuthenticationProvider in terms of verifying the expiry. Colm. > > Regards. > > [1] https://github.com/apache/syncope/blob/2_0_X/ext/saml2sp/ >> logic/src/main/java/org/apache/syncope/core/logic/SAML >> 2SPLogic.java#L327-L329 >> [2] https://github.com/apache/syncope/blob/2_0_X/ext/saml2sp/ >> logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java#L408 >> > [3] https://github.com/apache/syncope/blob/master/ext/saml2sp/ > logic/src/main/java/org/apache/syncope/core/logic/saml > 2/SAML2ReaderWriter.java#L150 > > -- > Francesco Chicchiriccò > > Tirasa - Open Source Excellence > http://www.tirasa.net/ > > Member at The Apache Software Foundation > Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail > http://home.apache.org/~ilgrosso/ > > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
