add clock screw to assertion time validation

author: Thomas Lenz <tlenz@iaik.tugraz.at> 2014-11-04 11:40:33 +0100
committer: Thomas Lenz <tlenz@iaik.tugraz.at> 2014-11-04 11:40:33 +0100
commit: 3e3109fbf3f93f52919f0ba6089b5488f598c149 (patch)
tree: 5fd733df2d8df67cc08bd9391dd4a6bdab3c2471 /id/server/idserverlib
parent: 99b46131e3ef3753af9f1d17516cf900fd095b4d (diff)
download: moa-id-spss-3e3109fbf3f93f52919f0ba6089b5488f598c149.tar.gz
moa-id-spss-3e3109fbf3f93f52919f0ba6089b5488f598c149.tar.bz2
moa-id-spss-3e3109fbf3f93f52919f0ba6089b5488f598c149.zip
1 files changed, 6 insertions, 2 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
index 4ba93f8fe..2247ad227 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
@@ -174,10 +174,14 @@ public class SAMLVerificationEngine {
 				for (org.opensaml.saml2.core.Assertion saml2assertion : saml2assertions) {
 					
 					Conditions conditions = saml2assertion.getConditions();
-					DateTime notbefore = conditions.getNotBefore();
+					DateTime notbefore = conditions.getNotBefore().minusMinutes(5);
 					DateTime notafter = conditions.getNotOnOrAfter();
 					if ( notbefore.isAfterNow() || notafter.isBeforeNow() ) {
-						Logger.warn("PVP2 Assertion is out of Date");
+						Logger.warn("PVP2 Assertion is out of Date. "
+								+ "{ Current : " + new DateTime() 
+								+ " NotBefore: " + notbefore 
+								+ " NotAfter : " + notafter
+								+ " }");
 											
 					} else {
 						validatedassertions.add(saml2assertion);
author	Thomas Lenz <tlenz@iaik.tugraz.at>	2014-11-04 11:40:33 +0100
committer	Thomas Lenz <tlenz@iaik.tugraz.at>	2014-11-04 11:40:33 +0100
commit	3e3109fbf3f93f52919f0ba6089b5488f598c149 (patch)
tree	5fd733df2d8df67cc08bd9391dd4a6bdab3c2471 /id/server/idserverlib
parent	99b46131e3ef3753af9f1d17516cf900fd095b4d (diff)
download	moa-id-spss-3e3109fbf3f93f52919f0ba6089b5488f598c149.tar.gz moa-id-spss-3e3109fbf3f93f52919f0ba6089b5488f598c149.tar.bz2 moa-id-spss-3e3109fbf3f93f52919f0ba6089b5488f598c149.zip