[prev in list] [next in list] [prev in thread] [next in thread] 

List:       wsas-java-dev
Subject:    Re: [Dev] Why we use timestampSkew default value as 300 seconds in identity.xml, why not 0 seconds.
From:       Thanuja Jayasinghe <thanuja () wso2 ! com>
Date:       2017-05-31 6:59:19
Message-ID: CAER+jUME7erT=Zng8R_HCnqPYqn3=s10t7o8RxmpG10GPSNN+w () mail ! gmail ! com
[Download RAW message or body]

[Attachment #2 (multipart/alternative)]


Hi Dinali,

Consider the following calculation.

expiry time = issuedTimeInMillis + validityPeriodMillis -
(System.currentTimeMillis() - timestampSkew)

So actually token is valid for (validityPeriodMillis + timestampSkew)
seconds. This additional time is added to avoid the error occurred due to
the time synchronization issues between servers.

If your servers are perfectly synced then you can use timestampSkew value
as 0.

Thanks,
Thanuja


On Wed, May 31, 2017 at 12:01 PM, Dinali Dabarera <dinali@wso2.com> wrote:

> Hi All,
>
> In our identity.xml the default timeStampScrew value is used as 300
> seconds. Shouldn't this be 0 seconds?
>
> Because when we are getting a token from password grant type again and
> again *without a time delay*, the expiry time of the token increases than
> its accepted value because of this equation we are using.
>
> expiry time = issuedTimeInMillis + validityPeriodMillis - (System.
> currentTimeMillis() - timestampSkew);
>
> Since timestampSkew = 300 seconds, validityPeriodMillis = 3600 seconds,
> therefore, expiry time = 3644 seconds which can not be happened.
>
> Therefore, it is better to have the default timeStampScrew value as 0
> seconds in order to get correct results.
>
>
> Thanks!
>
> --
> *Dinali Rosemin Dabarera*
> Software Engineer
> WSO2 Lanka (pvt) Ltd.
> Web: http://wso2.com/
> Email : gdrdabarera@gmail.com
> LinkedIn <https://lk.linkedin.com/in/dinalidabarera>
> Mobile: +94770198933 <+94%2077%20019%208933>
>
>
>
>
> <https://lk.linkedin.com/in/dinalidabarera>
>
>
>
>
>
>
>
>
>
>
>
>
>
>


-- 
*Thanuja Lakmal*
Associate Technical Lead
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891

[Attachment #5 (text/html)]

<div dir="ltr">Hi Dinali,<div><br></div><div><font face="arial, helvetica, \
sans-serif">Consider the following calculation.</font></div><div><font face="arial, \
helvetica, sans-serif"><br></font></div><div><font face="arial, helvetica, \
sans-serif">expiry time = issuedTimeInMillis + validityPeriodMillis - \
(System.currentTimeMillis() - timestampSkew)<br></font></div><div><font face="arial, \
helvetica, sans-serif"><br></font></div><div><font face="arial, helvetica, \
sans-serif">So actually token is valid for (<span \
style="color:rgb(0,0,0);font-size:12.1333px">validityPeriodMillis +  </span><font \
color="#000000"><span style="font-size:12.1333px">timestampSkew) seconds. This \
additional time is added to avoid the error occurred due to the time synchronization  \
issues between servers.</span></font></font></div><div><font color="#000000" \
face="arial, helvetica, sans-serif"><span \
style="font-size:12.1333px"><br></span></font></div><div><font face="arial, \
helvetica, sans-serif"><font color="#000000"><span style="font-size:12.1333px">If \
your servers are perfectly synced then you can use  </span></font>timestampSkew value \
as 0.</font></div><div><br></div><div>Thanks,</div><div>Thanuja</div><div><br></div></div><div \
class="gmail_extra"><br><div class="gmail_quote">On Wed, May 31, 2017 at 12:01 PM, \
Dinali Dabarera <span dir="ltr">&lt;<a href="mailto:dinali@wso2.com" \
target="_blank">dinali@wso2.com</a>&gt;</span> wrote:<br><blockquote \
class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc \
solid;padding-left:1ex"><div dir="ltr"><div class="gmail_default" \
style="font-family:&quot;times new roman&quot;,serif">Hi All,</div><div \
class="gmail_default" style="font-family:&quot;times new \
roman&quot;,serif"><br></div><div class="gmail_default" \
style="font-family:&quot;times new roman&quot;,serif">In our identity.xml  the \
default timeStampScrew value is used as 300 seconds. Shouldn&#39;t this be 0 \
seconds?</div><div class="gmail_default" style="font-family:&quot;times new \
roman&quot;,serif"><br></div><div class="gmail_default" \
style="font-family:&quot;times new roman&quot;,serif">Because when we are getting a \
token from password grant type again and again <b>without a time delay</b>, the \
expiry time of the token increases  than its accepted value because of this equation \
we are using.   </div><div class="gmail_default" style="font-family:&quot;times new \
roman&quot;,serif"><br></div><div class="gmail_default" \
style="font-family:&quot;times new roman&quot;,serif">expiry time =  <span \
style="color:rgb(0,0,0);font-family:&quot;DejaVu Sans \
Mono&quot;;font-size:9.1pt;background-color:rgb(228,228,255)">issuedTimeInMillis</span><span \
style="color:rgb(0,0,0);font-family:&quot;DejaVu Sans Mono&quot;;font-size:9.1pt"> + \
validityPeriodMillis - (System.</span><span \
style="color:rgb(0,0,0);font-family:&quot;DejaVu Sans \
Mono&quot;;font-size:9.1pt;font-style:italic">currentTimeMillis</span><span \
style="color:rgb(0,0,0);font-family:&quot;DejaVu Sans Mono&quot;;font-size:9.1pt">() \
- </span><span style="font-family:&quot;DejaVu Sans \
Mono&quot;;font-size:9.1pt;color:rgb(102,14,122);font-style:italic">timestampSkew</span><span \
style="color:rgb(0,0,0);font-family:&quot;DejaVu Sans \
Mono&quot;;font-size:9.1pt">);</span></div><div class="gmail_default" \
style="font-family:&quot;times new roman&quot;,serif"><span \
style="color:rgb(0,0,0);font-family:&quot;DejaVu Sans \
Mono&quot;;font-size:9.1pt"><br></span></div><div class="gmail_default" \
style="font-family:&quot;times new roman&quot;,serif"><span \
style="color:rgb(0,0,0);font-family:&quot;DejaVu Sans \
Mono&quot;;font-size:9.1pt">Since  </span><span \
style="color:rgb(102,14,122);font-family:&quot;DejaVu Sans \
Mono&quot;;font-size:12.1333px;font-style:italic">timestampSkew = 300 seconds,  \
</span><span style="color:rgb(0,0,0);font-family:&quot;DejaVu Sans \
Mono&quot;;font-size:12.1333px">validityPeriodMillis = 3600 seconds,</span></div><div \
class="gmail_default" style="font-family:&quot;times new roman&quot;,serif"><span \
style="color:rgb(0,0,0);font-family:&quot;DejaVu Sans \
Mono&quot;;font-size:12.1333px">therefore, expiry time = 3644 seconds which can not \
be happened.</span></div><div class="gmail_default"><span \
style="color:rgb(0,0,0);font-size:12.1333px"><font face="times new roman, \
serif"><br></font></span></div><div class="gmail_default"><span \
style="color:rgb(0,0,0);font-size:12.1333px"><font face="times new roman, \
serif">Therefore, it is better to have the default</font></span><span \
style="font-family:&quot;DejaVu Sans \
Mono&quot;;color:rgb(0,0,0);font-size:12.1333px">  </span><font face="times new \
roman, serif">timeStampScrew value as 0 seconds in order to get correct \
results.</font></div><div class="gmail_default"><font face="times new roman, \
serif"><br></font></div><div class="gmail_default"><font face="times new roman, \
serif"><br></font></div><div class="gmail_default"><font face="times new roman, \
serif">Thanks!</font></div><div><br></div>-- <br><div \
class="m_-4228247967660954564gmail_signature"><div dir="ltr"><div><div \
dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><b><font face="monospace, \
monospace">Dinali Rosemin Dabarera</font></b><div><font face="monospace, \
monospace">Software Engineer</font></div><div><font face="monospace, monospace"><span \
style="color:rgb(230,145,56)">WSO2 Lanka (pvt) Ltd.</span><br><span \
style="color:rgb(246,178,107)"><span style="color:rgb(0,0,0)">Web: </span><a \
href="http://wso2.com/" \
target="_blank">http://wso2.com/</a></span><br></font></div><div><font \
face="monospace, monospace">Email : <a href="mailto:gdrdabarera@gmail.com" \
target="_blank">gdrdabarera@gmail.com</a><br><a \
href="https://lk.linkedin.com/in/dinalidabarera" \
target="_blank">LinkedIn</a></font></div><div><font face="monospace, \
monospace">Mobile: <a href="tel:+94%2077%20019%208933" value="+94770198933" \
target="_blank">+94770198933</a></font><br></div><div><br><br><br><br><span><span><a \
href="https://lk.linkedin.com/in/dinalidabarera" target="_blank"><span><b><img \
src="http://c.content.wso2.com/signatures/wso2-signature-general.png"></b></span></a>< \
/span></span><br><br><br><br><br><br><br><br><br><br><br><br><br><br></div></div></div></div></div></div></div></div></div>
 </div>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div \
class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div \
dir="ltr"><div><div dir="ltr"><span \
style="font-family:arial;font-size:small;background-color:rgb(255,255,204)"><b>Thanuja \
Lakmal</b></span><br style="font-family:arial;font-size:small"><div \
style="font-family:arial;font-size:small;color:rgb(136,136,136)">Associate Technical \
Lead<br>WSO2 Inc.  <a href="http://wso2.com/" style="color:rgb(17,85,204)" \
target="_blank">http://wso2.com/</a>  <br><b><font \
color="#666666">lean.enterprise.middleware</font></b><div>Mobile:  <a \
value="+94713448188" \
style="color:rgb(17,85,204)">+94715979891</a></div></div></div></div></div></div></div></div>
 </div>



_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev


[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic