WS-trust define that a `/wst:RequestSecurityToken/wst:Lifetime` can be specified with only having `wsu:Expires`. In that case the creationTime shall be set to the current time. CXF simply ignore the lifetime if either expires or created is not present.
I have fixed the behavior and provide a unit test for it. I have to also modify test `testSaml2NoExpires` because it fails after my changes, because the creationTime was too fare in the future. The "old" implementation just ignore the creationTime, which was wrong. If my change is acceptable, could you please also merge the fix to 3.2-branch. Thank you. [ Full content available at: https://github.com/apache/cxf/pull/455 ] This message was relayed via gitbox.apache.org for [email protected]
