Type: Improvement
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: 6.5.2.2
Fix Version/s: None
Component/s: None
Labels:
Support Ticket IDs:
A customer does the following:
Upon calling the OIDC /token endpoint, and after passing the header client_assertion_type - jwt-bearer
client_assertion - a signed JWT, with exp as the current time.
In this case the token endpoint is getting executed. It looks like FR is having an exp check until exp + 5 min,
because the JWT which we are sending is valid for almost 5 min. Can you please let us know if there is any setting to reduce it?
The customer wants the ability to reduce that 5-minute time, which is unfortunately hardcoded in the JwtClaimsValidationHandler.java file as:

    private static final Duration SKEW_ALLOWANCE = Duration.duration(5, TimeUnit.MINUTES);

    private boolean isExpired() {
        return claimsSet.getExpirationTime().getTime() <= (Time.currentTimeMillis() - SKEW_ALLOWANCE.to(MILLISECONDS));
    }

is related to
OPENAM-16149 Allow JWT bearer client authn unreasonable lifetime limit to be configurable - Open
relates to
OPENAM-15805 idtokeninfo endpoint gives invalid signature error when ID Token is expired - Closed
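The expiry comparison quoted in the description, reworked as an added example (not ForgeRock/OpenAM code) with the skew allowance passed in as a parameter, so the effect of the 5-minute value can be compared against shorter ones. The class name, method signature and sample timestamps are assumptions made for illustration; only `java.time` from the standard library is used.

```java
import java.time.Duration;
import java.time.Instant;

/** Added illustration; not the project's code. All names here are hypothetical. */
public class ExpirySkewDemo {

    /**
     * Same comparison as the ticket's isExpired(), with the allowance as a parameter:
     * the JWT counts as expired once exp <= now - skew, i.e. it is honoured until exp + skew.
     */
    static boolean isExpired(Instant exp, Instant now, Duration skewAllowance) {
        return !exp.isAfter(now.minus(skewAllowance));
    }

    public static void main(String[] args) {
        // Constructed sample value standing in for the client assertion's exp claim.
        Instant exp = Instant.parse("2020-01-01T12:00:00Z");

        // 5 minutes is the hardcoded value from the ticket; the others are hypothetical settings.
        Duration[] allowances = { Duration.ofMinutes(5), Duration.ofSeconds(30), Duration.ZERO };

        // How long after exp the assertion is presented to the token endpoint.
        long[] secondsAfterExp = { 0, 29, 30, 299, 300 };

        for (Duration skew : allowances) {
            System.out.println("skew allowance = " + skew.getSeconds() + "s");
            for (long offset : secondsAfterExp) {
                Instant now = exp.plusSeconds(offset);
                String verdict = isExpired(exp, now, skew) ? "rejected (expired)" : "accepted";
                System.out.printf("  now = exp + %3ds -> %s%n", offset, verdict);
            }
        }
    }
}
```

Because the comparison is `<=`, an assertion presented exactly at exp + skew is rejected, and with a zero allowance an assertion whose exp equals the current time is rejected immediately.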