[WSS-603] Improper date check in SamlAssertionWrapper.checkIssueInstant - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Blocker
Resolution: Fixed
Affects Version/s: 2.1.8
Fix Version/s: 2.2.0, 2.0.11, 2.1.9
Component/s: WSS4J Core
Labels:
None

Description

On line 574, the code is supposed to be calculating the SAML Assertions expiration. The code is calculating the lower bound on the time window, but is not properly storing the calculated DateTime. So rather than checking the Issue, and is effectively checking to see if the issue date is after the current time, which is never the case.

The code reads:
currentTime.minusSeconds(ttl);
The code should read:
currentTime = currentTime.minusSeconds(ttl);

Attachments

Activity

People

Assignee:: Colm O hEigeartaigh

Reporter:: John Shipman

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 22/Mar/17 15:13

Updated:: 03/Apr/17 08:38

Resolved:: 22/Mar/17 15:49