  1. WSS4J
  2. WSS-639

IssueInstant NotOnOrAfter is not checked when specified


Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Not A Problem
    • 2.2.1, 2.2.2
    • None
    • WSS4J Core
    • None

    Description

      In org.apache.wss4j.common.saml.SamlAssertionWrapper, in method checkIssueInstant, line 862.

      When validTill is not null, no check is performed.

       

      // If there is no NotOnOrAfter, then impose a TTL on the IssueInstant.
      if (validTill == null) {
          currentTime = new DateTime().minusSeconds(ttl);
      
          if (issueInstant.isBefore(currentTime)) {
              LOG.debug("SAML Token IssueInstant not met. The assertion was created too long ago.");
              throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
          }
      }
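
An added example, not WSS4J code and not part of the report: a self-contained sketch of assertion freshness rules in which the TTL on IssueInstant is only the fallback for a missing NotOnOrAfter, and a NotOnOrAfter that is present is enforced by its own comparison. The class and method names are hypothetical, and java.time is used in place of the Joda-Time DateTime seen in the snippet above.

```java
import java.time.Duration;
import java.time.Instant;

// Hypothetical helper, not part of WSS4J: freshness rules for a SAML assertion.
public class AssertionFreshness {

    /** Returns null when the assertion is fresh, otherwise the reason for rejecting it. */
    static String reject(Instant issueInstant, Instant notOnOrAfter,
                         Instant now, Duration ttl, Duration futureTtl) {
        // IssueInstant must not lie in the future beyond the allowed clock skew.
        if (issueInstant.isAfter(now.plus(futureTtl))) {
            return "IssueInstant is in the future";
        }
        if (notOnOrAfter == null) {
            // No explicit expiry: impose a TTL on the IssueInstant (the branch quoted above).
            if (issueInstant.isBefore(now.minus(ttl))) {
                return "no NotOnOrAfter and IssueInstant older than TTL";
            }
        } else if (!now.isBefore(notOnOrAfter)) {
            // Explicit expiry: the assertion is valid only while now < NotOnOrAfter.
            return "NotOnOrAfter has passed";
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed sample values.
        Instant now = Instant.parse("2024-01-01T12:00:00Z");
        Duration ttl = Duration.ofMinutes(30), skew = Duration.ofSeconds(60);
        Instant recent = now.minusSeconds(300), old = now.minusSeconds(7200);

        // Case 1: old IssueInstant, NotOnOrAfter still ahead (explicit-expiry branch).
        System.out.println(reject(old, now.plusSeconds(600), now, ttl, skew));
        // Case 2: recent IssueInstant, NotOnOrAfter one second in the past.
        System.out.println(reject(recent, now.minusSeconds(1), now, ttl, skew));
        // Case 3: no NotOnOrAfter, old IssueInstant (TTL fallback branch).
        System.out.println(reject(old, null, now, ttl, skew));
        // Case 4: no NotOnOrAfter, recent IssueInstant.
        System.out.println(reject(recent, null, now, ttl, skew));
        // Case 5: IssueInstant two minutes ahead of now, beyond the 60 s skew.
        System.out.println(reject(now.plusSeconds(120), null, now, ttl, skew));
    }
}
```

When reviewing a validator that contains only the TTL branch, confirm that the NotOnOrAfter comparison is performed by another step of the same validation path before the assertion is trusted.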

       


          People

            coheigea Colm O hEigeartaigh
            RBastiaansen Ralph Bastiaansen