Uploaded image for project: 'WSS4J'
  1. WSS4J
  2. WSS-603

Improper date check in SamlAssertionWrapper.checkIssueInstant

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: 2.1.8
    • Fix Version/s: 2.2.0, 2.0.11, 2.1.9
    • Component/s: WSS4J Core
    • Labels:
      None

      Description

      On line 574, the code is supposed to be calculating the SAML Assertions expiration. The code is calculating the lower bound on the time window, but is not properly storing the calculated DateTime. So rather than checking the Issue, and is effectively checking to see if the issue date is after the current time, which is never the case.

      The code reads:
      currentTime.minusSeconds(ttl);
      The code should read:
      currentTime = currentTime.minusSeconds(ttl);

        Attachments

          Activity

            People

            • Assignee:
              coheigea Colm O hEigeartaigh
              Reporter:
              jshipman John Shipman
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: