[jira] [Closed] (WSS-603) Improper date check in SamlAssertionWrapper.checkIssueInstant

Colm O hEigeartaigh (JIRA) Mon, 03 Apr 2017 01:40:30 -0700

     [ 
https://issues.apache.org/jira/browse/WSS-603?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Colm O hEigeartaigh closed WSS-603.
-----------------------------------

> Improper date check in SamlAssertionWrapper.checkIssueInstant
> -------------------------------------------------------------
>
>                 Key: WSS-603
>                 URL: https://issues.apache.org/jira/browse/WSS-603
>             Project: WSS4J
>          Issue Type: Bug
>          Components: WSS4J Core
>    Affects Versions: 2.1.8
>            Reporter: John Shipman
>            Assignee: Colm O hEigeartaigh
>            Priority: Blocker
>             Fix For: 2.2.0, 2.0.11, 2.1.9
>
>
> On line 574, the code is supposed to be calculating the SAML Assertions 
> expiration.  The code is calculating the lower bound on the time window, but 
> is not properly storing the calculated DateTime.  So rather than checking the 
> Issue, and is effectively checking to see if the issue date is after the 
> current time, which is never the case.
> The code reads:
>    currentTime.minusSeconds(ttl);
> The code should read:
>    currentTime = currentTime.minusSeconds(ttl);



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Closed] (WSS-603) Improper date check in SamlAssertionWrapper.checkIssueInstant

Reply via email to