You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@cxf.apache.org by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org> on 2017/05/25 10:40:04 UTC

[jira] [Created] (CXF-7382) Don't cache SecurityTokens per-endpoint when the STSClient is used as an intermediary

Colm O hEigeartaigh created CXF-7382:
----------------------------------------

             Summary: Don't cache SecurityTokens per-endpoint when the STSClient is used as an intermediary
                 Key: CXF-7382
                 URL: https://issues.apache.org/jira/browse/CXF-7382
             Project: CXF
          Issue Type: Improvement
            Reporter: Colm O hEigeartaigh
            Assignee: Colm O hEigeartaigh
             Fix For: 3.2.0, 3.1.12


If the STSClient is used as an intermediary with delegation (OnBehalfOf/ActAs) you must set the property "security.cache.issued.token.in.endpoint" to "false". Otherwise it just retrieves the first cached token from the endpoint. However, it would be better to disable caching tokens per-endpoint if we have a delegation token by default, as it is less of a security risk.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)