Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-15927

SKEW_ALLOWANCE = Duration.duration(5, TimeUnit.MINUTES) ability to tweek the time duration

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 6.5.2.2
    • Fix Version/s: None
    • Component/s: None
    • Labels:
    • Rank:
      1|hzzy2n:
    • Support Ticket IDs:

      Description

      A customer does:

      upon calling the OIDC /token end point, and after passing the header client_assertion_type - jwt-bearer
      client_assertion - has signed JWT, where exp as current time.
      In this case the token end point is getting executed.It looks the FR is having exp check till exp+5 min.
      Because the JWT which are sending is valid for almost 5 min.Can you please let us know if there is any setting to reduce it
      Customer wants the ability to reduce that 5 minute time that is unfortunately hardcoded in the JwtClaimsValidationHandler.java file as:

      private static final Duration SKEW_ALLOWANCE = Duration.duration(5, TimeUnit.MINUTES);

          private boolean isExpired()

      {         return claimsSet.getExpirationTime().getTime()                 <= (Time.currentTimeMillis() - SKEW_ALLOWANCE.to(MILLISECONDS));     }

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                george.nikolaidis George Nikolaidis
              • Votes:
                0 Vote for this issue
                Watchers:
                6 Start watching this issue

                Dates

                • Created:
                  Updated: