You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@cxf.apache.org by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org> on 2017/11/15 10:25:00 UTC

[jira] [Assigned] (FEDIZ-214) OIDC generated already expired id_token

     [ https://issues.apache.org/jira/browse/FEDIZ-214?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Colm O hEigeartaigh reassigned FEDIZ-214:
-----------------------------------------

    Assignee:     (was: Colm O hEigeartaigh)

> OIDC generated already expired id_token
> ---------------------------------------
>
>                 Key: FEDIZ-214
>                 URL: https://issues.apache.org/jira/browse/FEDIZ-214
>             Project: CXF-Fediz
>          Issue Type: Bug
>          Components: OIDC
>    Affects Versions: 1.4.2
>            Reporter: gonzalad
>            Priority: Minor
>             Fix For: 1.4.3
>
>
> id_token expiry claim was is computed from SAML token expiry.
> Since SAML token is generated once per OIDC httpSession
> and can be reused for generating multiple id_token, there can be cases
> where the id_token is generated with an already expired claim.
> id_token expiry claim should be computed at id_token generation time.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)