Jan Bernhardt created FEDIZ-140:
-----------------------------------
Summary: IDP caches outdated SAML Tokens
Key: FEDIZ-140
URL: https://issues.apache.org/jira/browse/FEDIZ-140
Project: CXF-Fediz
Issue Type: Bug
Components: IDP
Affects Versions: 1.2.1
Reporter: Jan Bernhardt
I did some tests today with a SAML SSO trusted IDP. During these tests I've
noticed that the Fediz IDP will only redirect me once to the trusted 3rd party
IDP for login. Then it caches my (3rd party) SAML token even if the token is
not valid because the lifetime of that token has ended. The result is that I see
an error page at the IDP, instead of getting redirected back again to my 3rd
party IDP.
I see two solutions for this issue.
Option 1: Provide a "disable" option on the Fediz IDP to ignore the lifetime of
cached tokens.
Option 2: Redirect back to the 3rd party IDP if the cached token is no longer
valid.
I think it would be good if both options could be provided within Fediz,
leaving the choice to the user, depending on their use case.
A current workaround is to disable token caching in the IDP.
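As an illustration of Option 2 (not Fediz code, and not part of the report), the following added example shows a cache lookup that checks the cached assertion's `Conditions` window before reusing it and evicts it, signalling a redirect to the trusted IDP, once it has expired. The assertion, the 60 s clock-skew allowance and the `resolve_token` name are constructed for this example.

```python
"""Cache lookup that honours the SAML assertion lifetime (added example, not Fediz code)."""
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CLOCK_SKEW = timedelta(seconds=60)  # assumption: tolerate 60 s of clock skew between IDPs

# Constructed sample assertion (not a real token); valid 2015-06-01 10:00 to 11:00 UTC
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_example-id" Version="2.0" IssueInstant="2015-06-01T10:00:00Z">
  <saml:Issuer>https://trusted-idp.example.org</saml:Issuer>
  <saml:Conditions NotBefore="2015-06-01T10:00:00Z" NotOnOrAfter="2015-06-01T11:00:00Z"/>
</saml:Assertion>"""


def utc(year, month, day, hour, minute=0):
    """Helper to build timezone-aware UTC instants for the checks below."""
    return datetime(year, month, day, hour, minute, tzinfo=timezone.utc)


def _parse_instant(value):
    # SAML carries xs:dateTime values in UTC with a trailing 'Z'
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def assertion_is_valid(assertion_xml, now):
    """Return True only if 'now' lies inside the assertion's Conditions window."""
    root = ET.fromstring(assertion_xml)
    conditions = root.find("saml:Conditions", SAML_NS)
    if conditions is None:
        return False  # no lifetime bounds at all: do not reuse rather than trust forever
    not_before = conditions.get("NotBefore")
    not_on_or_after = conditions.get("NotOnOrAfter")
    if not_before and now < _parse_instant(not_before) - CLOCK_SKEW:
        return False
    if not_on_or_after and now >= _parse_instant(not_on_or_after) + CLOCK_SKEW:
        return False
    return True


def resolve_token(cache, user, now):
    """Option 2 from the report: reuse a cached token only while it is valid;
    otherwise evict it and signal that the user must be sent back to the trusted IDP."""
    cached = cache.get(user)
    if cached is not None and assertion_is_valid(cached, now):
        return ("REUSE_CACHED", cached)
    cache.pop(user, None)  # evict the stale entry so the next lookup starts clean
    return ("REDIRECT_TO_TRUSTED_IDP", None)
```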
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)