Details
- Bug
- Status: Resolved
- Major
- Resolution: Not A Problem
- 2.2.1, 2.2.2
- None
- None
Description
In org.apache.wss4j.common.saml.SamlAssertionWrapper in method checkIssueInstance, line 862.
When validTill is not null, no check is performed.
// If there is no NotOnOrAfter, then impose a TTL on the IssueInstant.
if (validTill == null) {
    currentTime = new DateTime().minusSeconds(ttl);
    if (issueInstant.isBefore(currentTime)) {
        LOG.debug("SAML Token IssueInstant not met. The assertion was created too long ago.");
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
    }
}
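Added example (not part of the original report and not WSS4J code): the quoted branch re-expressed with java.time, so that its behaviour can be run on constructed assertions with and without NotOnOrAfter. The class name, the sample times and the separate withinNotOnOrAfter expiry test are assumptions made for illustration.

```java
import java.time.Duration;
import java.time.Instant;

// Added illustration, not WSS4J code. java.time stands in for the Joda-Time
// DateTime used in the quoted snippet; all names here are hypothetical.
public class IssueInstantTtlDemo {

    /** Mirrors the quoted branch: the TTL applies only when NotOnOrAfter (validTill) is absent. */
    static boolean issueInstantAccepted(Instant issueInstant, Instant validTill,
                                        int ttlSeconds, Instant now) {
        if (validTill == null) {
            Instant oldestAllowed = now.minusSeconds(ttlSeconds);
            if (issueInstant.isBefore(oldestAllowed)) {
                return false; // "The assertion was created too long ago."
            }
        }
        return true; // validTill present: this check imposes no age limit
    }

    /** Assumed separate expiry test: the assertion is unusable at or after NotOnOrAfter. */
    static boolean withinNotOnOrAfter(Instant validTill, Instant now) {
        return validTill == null || now.isBefore(validTill);
    }

    public static void main(String[] args) {
        Instant now = Instant.parse("2018-06-01T12:00:00Z"); // constructed clock
        int ttl = 1800;                                       // constructed TTL in seconds
        Instant old = now.minus(Duration.ofHours(2));
        Instant recent = now.minus(Duration.ofMinutes(5));

        // Constructed cases: {label, IssueInstant, NotOnOrAfter}
        Object[][] cases = {
            {"no NotOnOrAfter, issued 2h ago", old, null},
            {"no NotOnOrAfter, issued 5m ago", recent, null},
            {"NotOnOrAfter in 1h, issued 2h ago", old, now.plus(Duration.ofHours(1))},
            {"NotOnOrAfter 1h past, issued 2h ago", old, now.minus(Duration.ofHours(1))},
        };
        for (Object[] c : cases) {
            Instant issued = (Instant) c[1];
            Instant till = (Instant) c[2];
            System.out.printf("%-38s ttlCheck=%b expiryCheck=%b%n", c[0],
                issueInstantAccepted(issued, till, ttl, now), withinNotOnOrAfter(till, now));
        }
    }
}
```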