[OPENAM-5396] Malformed exp parameter in ID token Created: 05/Jan/15  Updated: 15/Dec/15  Resolved: 02/Feb/15

Status: Resolved
Project: OpenAM
Component/s: OpenID Connect
Affects Version/s: 12.0.0
Fix Version/s: 12.0.1, 13.0.0

Type: Bug Priority: Major
Reporter: Benjamin Mantei Assignee: kohei
Resolution: Fixed Votes: 0
Labels: release-notes
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

OpenAM 12

Issue Links:
relates to OPENAM-7048 coreTokenExpirationDate for OIDC toke... Resolved
Target Version/s:
QA Assignee: Garyl Erickson


If OpenAM acts as an OpenID Connect provider, the "exp" parameter in the ID token is specified in milliseconds instead of seconds (defined in the OpenID Connect specification). The parameters "iat" and "auth_time" on the other hand are correctly specified in seconds.

	"tokenName": "id_token",
	"azp": "portalapp",
	"sub": "google-101619612293088813422",
	"at_hash": "PzNCyzs8Sqo2u18tbRT3VQ",
	"iss": "https://cmopenam1.net:8443/openam",
	"iat": 1420464997,
	"auth_time": 1420464997,
	"exp": 1420465597000,
	"tokenType": "JWTToken",
	"realm": "/",
	"aud": ["portalapp"],
	"c_hash": "i3O7PF4Fj_SbWDoD5OAHyw",
	"ops": "0e0bfd03-4848-49c7-841d-979a0855f4cb"

Comment by Peter Major [X] (Inactive) [ 06/Mar/15 ]

Fixed in 12.0.1 with R12870

Generated at Tue Oct 27 06:49:06 UTC 2020 using Jira 7.13.12#713012-sha1:6e07c38070d5191bbf7353952ed38f111754533a.