Posted to dev@ws.apache.org by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org> on 2018/12/19 23:15:00 UTC

[jira] [Commented] (WSS-639) IssueInstant NotOnOrAfter is not checked when specified

    [ https://issues.apache.org/jira/browse/WSS-639?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16725431#comment-16725431 ] 

Colm O hEigeartaigh commented on WSS-639:
-----------------------------------------

validTill is checked in the "checkConditions" method:

> if (validTill != null && validTill.isBeforeNow()) {

> IssueInstant NotOnOrAfter is not checked when specified
> -------------------------------------------------------
>
>                 Key: WSS-639
>                 URL: https://issues.apache.org/jira/browse/WSS-639
>             Project: WSS4J
>          Issue Type: Bug
>          Components: WSS4J Core
>    Affects Versions: 2.2.1, 2.2.2
>            Reporter: Ralph Bastiaansen
>            Assignee: Colm O hEigeartaigh
>            Priority: Major
>
> In org.apache.wss4j.common.saml.SamlAssertionWrapper in method checkIssueInstance, line 862.
> When validTill is not null, no check is performed.
>  
> {code:java}
> // If there is no NotOnOrAfter, then impose a TTL on the IssueInstant.
> if (validTill == null) {
>     currentTime = new DateTime().minusSeconds(ttl);
>     if (issueInstant.isBefore(currentTime)) {
>         LOG.debug("SAML Token IssueInstant not met. The assertion was created too long ago.");
>         throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
>     }
> }{code}
>  



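The split discussed in this thread, where expiry against NotOnOrAfter is enforced in one method and the IssueInstant TTL applies only when NotOnOrAfter is absent, is shown below as an added example. It is not WSS4J code: the class and method names, the use of `java.time` instead of Joda-Time, the 30-minute TTL and the sample timestamps are all assumptions made for illustration.

```java
import java.time.Duration;
import java.time.Instant;

// Simplified sketch with hypothetical names; not the WSS4J implementation.
public class AssertionLifetimeCheck {

    // Mirrors the condition quoted in the comment: reject once NotOnOrAfter is in the past.
    static void checkConditions(Instant notOnOrAfter, Instant now) {
        if (notOnOrAfter != null && notOnOrAfter.isBefore(now)) {
            throw new SecurityException("NotOnOrAfter has passed");
        }
    }

    // Mirrors the snippet in the report: a TTL on IssueInstant only when NotOnOrAfter is absent.
    static void checkIssueInstant(Instant issueInstant, Instant notOnOrAfter,
                                  Instant now, Duration ttl) {
        if (notOnOrAfter == null && issueInstant.isBefore(now.minus(ttl))) {
            throw new SecurityException("IssueInstant is older than the TTL");
        }
    }

    // A validator has to run both checks; either one alone leaves a gap.
    static boolean accepted(Instant issueInstant, Instant notOnOrAfter,
                            Instant now, Duration ttl) {
        try {
            checkConditions(notOnOrAfter, now);
            checkIssueInstant(issueInstant, notOnOrAfter, now, ttl);
            return true;
        } catch (SecurityException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        Instant now = Instant.parse("2018-12-19T23:15:00Z"); // constructed sample clock
        Duration ttl = Duration.ofMinutes(30);               // assumed TTL
        Instant old = now.minus(Duration.ofHours(2));
        Instant fresh = now.minus(Duration.ofMinutes(1));

        // Case 1: NotOnOrAfter already passed (handled by checkConditions).
        System.out.println(accepted(fresh, now.minus(Duration.ofMinutes(5)), now, ttl));
        // Case 2: no NotOnOrAfter, IssueInstant older than the TTL (handled by checkIssueInstant).
        System.out.println(accepted(old, null, now, ttl));
        // Case 3: NotOnOrAfter still in the future, so the TTL is not imposed.
        System.out.println(accepted(old, now.plus(Duration.ofMinutes(5)), now, ttl));
        // Case 4: no NotOnOrAfter, IssueInstant within the TTL.
        System.out.println(accepted(fresh, null, now, ttl));
    }
}
```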