  1. WSS4J
  2. WSS-639

IssueInstant NotOnOrAfter is not checked when specified


    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Not A Problem
    • Affects Version/s: 2.2.1, 2.2.2
    • Fix Version/s: None
    • Component/s: WSS4J Core
    • Labels:
      None

      Description

      In org.apache.wss4j.common.saml.SamlAssertionWrapper in method checkIssueInstance, line 862.

      When validTill is not null, no check is performed.

       

      // If there is no NotOnOrAfter, then impose a TTL on the IssueInstant.
      if (validTill == null) {
          currentTime = new DateTime().minusSeconds(ttl);
      
          if (issueInstant.isBefore(currentTime)) {
              LOG.debug("SAML Token IssueInstant not met. The assertion was created too long ago.");
              throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
          }
      }
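
An added example, not code from WSS4J or from this issue: a standalone Java check that covers both cases the description distinguishes, applying a TTL to IssueInstant only when NotOnOrAfter is absent and enforcing NotOnOrAfter itself when it is present. The class and method names are hypothetical and the timestamps are constructed sample values.

```java
import java.time.Duration;
import java.time.Instant;

// Added illustration; not WSS4J code. Class and method names are hypothetical.
public class AssertionFreshness {

    // Returns null when the assertion is acceptable, otherwise the reason it is rejected.
    // notOnOrAfter is null when the assertion carries no such condition.
    static String reject(Instant issueInstant, Instant notOnOrAfter,
                         Instant now, Duration ttl) {
        if (notOnOrAfter != null) {
            // Explicit expiry: the assertion is valid only strictly before NotOnOrAfter.
            return now.isBefore(notOnOrAfter) ? null : "NotOnOrAfter has passed";
        }
        // No explicit expiry: fall back to a TTL measured from IssueInstant.
        return issueInstant.isBefore(now.minus(ttl)) ? "IssueInstant older than TTL" : null;
    }

    public static void main(String[] args) {
        // Constructed sample values.
        Instant now = Instant.parse("2018-06-01T12:00:00Z");
        Duration ttl = Duration.ofMinutes(30);
        Instant recent = now.minus(Duration.ofMinutes(5));
        Instant old = now.minus(Duration.ofHours(2));

        // Case 1: no NotOnOrAfter, issued within the TTL.
        System.out.println("1: " + reject(recent, null, now, ttl));
        // Case 2: no NotOnOrAfter, issued longer ago than the TTL.
        System.out.println("2: " + reject(old, null, now, ttl));
        // Case 3: old IssueInstant, but NotOnOrAfter is still in the future;
        // the TTL is not applied and the explicit window decides.
        System.out.println("3: " + reject(old, now.plus(Duration.ofHours(1)), now, ttl));
        // Case 4: recent IssueInstant, but NotOnOrAfter already passed.
        System.out.println("4: " + reject(recent, now.minus(Duration.ofMinutes(1)), now, ttl));
        // Case 5: boundary, current time equals NotOnOrAfter exactly.
        System.out.println("5: " + reject(recent, now, now, ttl));
    }
}
```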

       

            People

            • Assignee: Colm O hEigeartaigh (coheigea)
            • Reporter: Ralph Bastiaansen (RBastiaansen)