Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-5396

Malformed exp parameter in ID token

    Details

      Description

      If OpenAM acts as an OpenID Connect provider, the "exp" parameter in the ID token is specified in milliseconds instead of seconds (defined in the OpenID Connect specification). The parameters "iat" and "auth_time" on the other hand are correctly specified in seconds.

      {
      	"tokenName": "id_token",
      	"azp": "portalapp",
      	"sub": "google-101619612293088813422",
      	"at_hash": "PzNCyzs8Sqo2u18tbRT3VQ",
      	"iss": "https://cmopenam1.net:8443/openam",
      	"iat": 1420464997,
      	"auth_time": 1420464997,
      	"exp": 1420465597000,
      	"tokenType": "JWTToken",
      	"realm": "/",
      	"aud": ["portalapp"],
      	"c_hash": "i3O7PF4Fj_SbWDoD5OAHyw",
      	"ops": "0e0bfd03-4848-49c7-841d-979a0855f4cb"
      }
      

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                kohei kohei
                Reporter:
                b.mantei Benjamin Mantei
                QA Assignee:
                Garyl Erickson
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: