[ https://issues.apache.org/jira/browse/WSS-639?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16725621#comment-16725621 ]
Ralph Bastiaansen commented on WSS-639:
---------------------------------------
Thank you for the explanation, you are right. I am glad I can rely on this
proven library!
> IssueInstant NotOnOrAfter is not checked when specified
> -------------------------------------------------------
>
> Key: WSS-639
> URL: https://issues.apache.org/jira/browse/WSS-639
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Core
> Affects Versions: 2.2.1, 2.2.2
> Reporter: Ralph Bastiaansen
> Assignee: Colm O hEigeartaigh
> Priority: Major
>
> In org.apache.wss4j.common.saml.SamlAssertionWrapper in method
> checkIssueInstant, line 862.
> When validTill is not null, no check is performed.
>
> {code:java}
> // If there is no NotOnOrAfter, then impose a TTL on the IssueInstant.
> if (validTill == null) {
>     currentTime = new DateTime().minusSeconds(ttl);
>     if (issueInstant.isBefore(currentTime)) {
>         LOG.debug("SAML Token IssueInstant not met. The assertion was created too long ago.");
>         throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
>     }
> }
> {code}
>
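The branch quoted in the issue, modelled as an added example (not WSS4J code and not from the reporter or assignee): the TTL on IssueInstant applies only when the assertion carries no NotOnOrAfter. The sketch assumes that a present NotOnOrAfter is enforced by a separate expiry check, which the quoted snippet does not show; the class and method names are hypothetical, `java.time` stands in for Joda-Time, and all timestamps are constructed.

```java
import java.time.Duration;
import java.time.Instant;

// Hypothetical stand-alone model of the validity logic; not WSS4J code.
public class AssertionFreshness {

    // Mirrors the quoted branch: TTL on IssueInstant only when NotOnOrAfter is absent.
    static boolean issueInstantAcceptable(Instant issueInstant, Instant notOnOrAfter,
                                          Duration ttl, Instant now) {
        if (notOnOrAfter == null) {
            return !issueInstant.isBefore(now.minus(ttl));
        }
        return true; // this branch performs no check when NotOnOrAfter is present
    }

    // Assumed separate check: a present NotOnOrAfter must still lie in the future.
    static boolean notExpired(Instant notOnOrAfter, Instant now) {
        return notOnOrAfter == null || now.isBefore(notOnOrAfter);
    }

    // An assertion is accepted only if both checks pass.
    static boolean accept(Instant issueInstant, Instant notOnOrAfter,
                          Duration ttl, Instant now) {
        return issueInstantAcceptable(issueInstant, notOnOrAfter, ttl, now)
                && notExpired(notOnOrAfter, now);
    }

    static void show(String label, Instant issued, Instant notOnOrAfter,
                     Duration ttl, Instant now) {
        System.out.printf("%-44s ttlBranchPasses=%b accepted=%b%n", label,
                issueInstantAcceptable(issued, notOnOrAfter, ttl, now),
                accept(issued, notOnOrAfter, ttl, now));
    }

    public static void main(String[] args) {
        Instant now = Instant.parse("2018-12-20T12:00:00Z"); // constructed clock
        Duration ttl = Duration.ofMinutes(30);               // constructed TTL

        show("no NotOnOrAfter, issued 10 min ago",
                now.minus(Duration.ofMinutes(10)), null, ttl, now);
        show("no NotOnOrAfter, issued 2 h ago",
                now.minus(Duration.ofHours(2)), null, ttl, now);
        show("NotOnOrAfter in 1 h, issued 2 h ago",
                now.minus(Duration.ofHours(2)), now.plus(Duration.ofHours(1)), ttl, now);
        show("NotOnOrAfter 5 min ago, issued 10 min ago",
                now.minus(Duration.ofMinutes(10)), now.minus(Duration.ofMinutes(5)), ttl, now);
    }
}
```

The last case is the one the report is about: the IssueInstant branch alone passes it, so rejection depends on the expiry check being run as well.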