Posted to users@cxf.apache.org by DTaylor <Da...@Merge.com> on 2012/10/17 21:12:31 UTC

Re: futureTimeToLive on Service Endpoints

Hey all,

Sorry to bring this up again after having left it for a few months but we've
upgraded to CXF 2.6.2 and finally re-tested this.

Our service configuration is attached (not the full file, just the endpoint
config), and we still fail with a general SAML token security failure error.

I believe that setting ws-security.timestamp.futureTimeToLive to 600 should
indicate to the service that if the token is within 10 minutes into the
future, it should still be accepted.  Is this the case?

Thanks,

Dan

serviceConfig.xml
<http://cxf.547215.n5.nabble.com/file/n5716884/serviceConfig.xml>  



--
View this message in context: http://cxf.547215.n5.nabble.com/futureTimeToLive-on-Service-Endpoints-tp5712429p5716884.html
Sent from the cxf-user mailing list archive at Nabble.com.

Re: futureTimeToLive on Service Endpoints

Posted by Colm O hEigeartaigh <co...@apache.org>.
Hi Dan,

> <entry key="ws-security.saml2.validator" value-ref="validator"/>

This only applies to a SAML 2.0 Token. As you are receiving a SAML 1.1
Token you should have:

> <entry key="ws-security.saml1.validator" value-ref="validator"/>

Colm.


-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
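
The configuration this thread converges on, as an added example that is not taken from the posters' attachments: the validator class without the "dom" package segment, registered under the SAML 1.1 key (and the SAML 2.0 key, for endpoints that receive both). The endpoint id, implementor class and address are hypothetical placeholders.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example. The endpoint id, implementor and address below are
     hypothetical placeholders, not values from the thread. -->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:jaxws="http://cxf.apache.org/jaxws"
       xsi:schemaLocation="
         http://www.springframework.org/schema/beans
         http://www.springframework.org/schema/beans/spring-beans.xsd
         http://cxf.apache.org/jaxws
         http://cxf.apache.org/schemas/jaxws.xsd">

    <!-- Accepts assertions whose validity conditions begin up to 600 seconds
         ahead of the service's clock. The class name has no "dom" segment,
         matching the SamlAssertionValidator frames in the stack trace.
         Keep the value no larger than the clock skew actually observed,
         since it widens the window in which a token is accepted. -->
    <bean id="validator"
          class="org.apache.ws.security.validate.SamlAssertionValidator">
        <property name="futureTTL" value="600"/>
    </bean>

    <jaxws:endpoint id="exampleEndpoint"
                    implementor="com.example.ExampleServiceImpl"
                    address="/example">
        <jaxws:properties>
            <!-- Governs only the Timestamp element of the security header.
                 It has no effect on the SAML assertion check. -->
            <entry key="ws-security.timestamp.futureTimeToLive" value="600"/>

            <!-- Used when the incoming token is a SAML 1.1 assertion. -->
            <entry key="ws-security.saml1.validator" value-ref="validator"/>

            <!-- Used when the incoming token is a SAML 2.0 assertion. -->
            <entry key="ws-security.saml2.validator" value-ref="validator"/>
        </jaxws:properties>
    </jaxws:endpoint>
</beans>
```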

Re: futureTimeToLive on Service Endpoints

Posted by DTaylor <Da...@Merge.com>.
I have attached the service configuration again (I'm pretty sure I've got too
much in there relating to this issue, as I put in both possible FTTL
modifying properties, however I've tried it with each individually and it
didn't work either).

I have also attached the incoming saml1:Assertion object.  I'm unsure if
this is the request you were requesting, Colm, or not; if it is not, is there a
specific bit of logging I need to turn on in order to get this for you?

Thanks,

Dan.

samlAssertion.txt
<http://cxf.547215.n5.nabble.com/file/n5722033/samlAssertion.txt>  
TestServiceOne.xml
<http://cxf.547215.n5.nabble.com/file/n5722033/TestServiceOne.xml>  




Re: futureTimeToLive on Service Endpoints

Posted by Colm O hEigeartaigh <co...@apache.org>.
Hi Dan,

Your configuration didn't make it through. Could you just paste it in an
email?

Colm.


-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Re: futureTimeToLive on Service Endpoints

Posted by DTaylor <Da...@Merge.com>.
Hi Colm,

Sorry for the delay in trying this again.  We tried setting the values you
mentioned on our service and upon calling the service with a token from 2
minutes in the future, we get the following exception still.

WARNING:

org.apache.ws.security.WSSecurityException: General security error (SAML token security failure)
	at org.apache.ws.security.validate.SamlAssertionValidator.checkConditions(SamlAssertionValidator.java:145)
	at org.apache.ws.security.validate.SamlAssertionValidator.validate(SamlAssertionValidator.java:93)
	at org.apache.ws.security.processor.SAMLTokenProcessor.handleSAMLToken(SAMLTokenProcessor.java:118)
	at org.apache.ws.security.processor.SAMLTokenProcessor.handleToken(SAMLTokenProcessor.java:53)
	at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)
	at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:284)
	at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:92)
	at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
	at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
	at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:211)
	at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:213)
	at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:193)
	at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:130)
	at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:221)
	at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:141)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:647)
	at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:197)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
	at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:936)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
	at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1004)
	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
	at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)
	at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
	at java.lang.Thread.run(Thread.java:662)

Jan 17, 2013 4:58:48 PM org.apache.cxf.phase.PhaseInterceptorChain doDefaultLogging

WARNING: Interceptor for {http://merge.com/icc/service/test/cookie/}CookieTest has thrown exception, unwinding now

org.apache.cxf.binding.soap.SoapFault: General security error (SAML token security failure)
	at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java:785)
	at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:352)
	at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:92)
	at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
	at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
	at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:211)
	at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:213)
	at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:193)
	at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:130)
	at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:221)
	at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:141)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:647)
	at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:197)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
	at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:936)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
	at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1004)
	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
	at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)
	at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
	at java.lang.Thread.run(Thread.java:662)
Caused by: org.apache.ws.security.WSSecurityException: General security error (SAML token security failure)
	at org.apache.ws.security.validate.SamlAssertionValidator.checkConditions(SamlAssertionValidator.java:145)
	at org.apache.ws.security.validate.SamlAssertionValidator.validate(SamlAssertionValidator.java:93)
	at org.apache.ws.security.processor.SAMLTokenProcessor.handleSAMLToken(SAMLTokenProcessor.java:118)
	at org.apache.ws.security.processor.SAMLTokenProcessor.handleToken(SAMLTokenProcessor.java:53)
	at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)
	at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:284)
	... 27 more


Are there any further suggestions we could try?  I have attached our
configuration for the service.

Thanks,

Dan

Re: futureTimeToLive on Service Endpoints

Posted by Colm O hEigeartaigh <co...@apache.org>.
Correction: The Validator package name is incorrect (package names have
changed on trunk) - remove the "dom" part of the package name.

Colm.


-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Re: futureTimeToLive on Service Endpoints

Posted by Colm O hEigeartaigh <co...@apache.org>.
Hi,

"ws-security.timestamp.futureTimeToLive" only applies to the Timestamp
itself, not the SAML Token. Currently there is no way to specify the Future
TTL setting for the SamlAssertionValidator in configuration.

However, you can do this by just setting the value in a
SamlAssertionValidator instance, and then configuring that on the endpoint.
For example:

<bean id="validator"
    class="org.apache.ws.security.dom.validate.SamlAssertionValidator">
    <property name="futureTTL" value="600" />
</bean>

and then set the JAX-WS property on the endpoint:

<entry key="ws-security.saml2.validator" value-ref="validator"/>

Colm.


-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com