The SAMLTokenRenewer can renew valid or expired SAML 1.1 and SAML 2.0 tokens. The following properties can be configured on the SAMLTokenRenewer directly:
-
boolean signToken- Whether to sign the renewed token or not. The default is true. -
ConditionsProvider conditionsProvider- An object used to add a Conditions statement to the token. -
Map<String, SAMLRealm>realmMap - A map of realms to SAMLRealm objects. -
long maxExpiry- how long a token is allowed to be expired (in seconds) before renewal. The default is 30 minutes.
The SAMLTokenRenewer first checks that the token it extracts from the TokenRenewerParameters is in an expired or valid state, if not it throws an exception. It then retrieves the cached token that corresponds to the token to be renewed. A cache must be configured to use the SAMLTokenRenewer, and the token to be renewed must be in the cache before renewal takes place, for reasons that will become clear in the next section.