4 files changed, 7 insertions, 5 deletions
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
index adf6c4979..c0101b553 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
@@ -72,7 +72,8 @@ public class Constants {
 	//timeouts and clock skews
-	public static final int CONFIG_PROPS_SKEWTIME = 2 * 60 * 1000;  			//2 minutes skew time for response validation
+	public static final long CONFIG_PROPS_SKEWTIME_BEFORE = -2 * 60 * 1000;  			//5 minutes skew time for response validation
+	public static final long CONFIG_PROPS_SKEWTIME_AFTER = 2 * 60 * 1000;  			//5 minutes skew time for response validation
 	public static final long CONFIG_PROPS_METADATA_GARBAGE_TIMEOUT = 7 * 24 * 60 * 60 * 1000;	//remove unused eIDAS metadata after 7 days
 	//eIDAS request parameters
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/validation/MoaEidasConditionsValidator.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/validation/MoaEidasConditionsValidator.java
index d9453322f..9895ca79f 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/validation/MoaEidasConditionsValidator.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/validation/MoaEidasConditionsValidator.java
@@ -56,7 +56,7 @@ public class MoaEidasConditionsValidator extends ConditionsSpecValidator {
             throw new ValidationException("NotBefore is required.");
         }
-        if (conditions.getNotBefore().minusMillis(Constants.CONFIG_PROPS_SKEWTIME).isAfterNow()) {
+        if (conditions.getNotBefore().plusMillis((int)Constants.CONFIG_PROPS_SKEWTIME_BEFORE).isAfterNow()) {
             throw new ValidationException("Current time is before NotBefore condition");
         }
@@ -64,7 +64,7 @@ public class MoaEidasConditionsValidator extends ConditionsSpecValidator {
             throw new ValidationException("NotOnOrAfter is required.");
         }
-        if (conditions.getNotOnOrAfter().isBeforeNow()) {
+        if (conditions.getNotOnOrAfter().plusMillis((int)Constants.CONFIG_PROPS_SKEWTIME_AFTER).isBeforeNow()) {
             throw new ValidationException("Current time is after NotOnOrAfter condition");
         }
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
index a31bbaf02..17e112c4c 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
@@ -57,8 +57,8 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 			//validate SAML token
 			IAuthenticationResponse samlResp = engine.unmarshallResponseAndValidate(decSamlToken, 
 					request.getRemoteHost(), 
-					Constants.CONFIG_PROPS_SKEWTIME, 
-					Constants.CONFIG_PROPS_SKEWTIME,
+					Constants.CONFIG_PROPS_SKEWTIME_BEFORE, 
+					Constants.CONFIG_PROPS_SKEWTIME_AFTER,
 					pendingReq.getAuthURL() + Constants.eIDAS_HTTP_ENDPOINT_METADATA);
 			if (samlResp.isEncrypted()) {
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
index bfe410fc2..cc9b09107 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
@@ -126,6 +126,7 @@ public class EidasMetaDataRequest implements IAction {
         metadataConfigBuilder.entityID(metadata_url);
         metadataConfigBuilder.assertionConsumerUrl(sp_return_url);
+        metadataConfigBuilder.addProtocolBinding(SAMLConstants.SAML2_POST_BINDING_URI);
         metadataConfigBuilder.addProtocolBindingLocation(
         		SAMLConstants.SAML2_POST_BINDING_URI, 
         		pendingReq.getAuthURL() + Constants.eIDAS_HTTP_ENDPOINT_IDP_COLLEAGUEREQUEST);
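Review bot: The comments on both added constants say `//5 minutes skew time`, but the values are `2 * 60 * 1000`, i.e. two minutes, and the removed line's comment correctly said two minutes; the comments should match the value. CONFIG_PROPS_SKEWTIME_BEFORE is also deliberately negative, which only makes sense for callers that add it to NotBefore, so that sign convention belongs on the constant itself, e.g. `//2 minutes skew time, negative: added to NotBefore to move it into the past` and `//2 minutes skew time, added to NotOnOrAfter to extend the acceptance window`. The initializers are int arithmetic widened on assignment, which is fine at this magnitude, but `-2L * 60 * 1000` would keep the arithmetic in long should the values ever grow.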
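Review bot: Both hunks narrow the new long skew constants with `(int)`, which compiles but silently truncates if a constant is ever widened past Integer.MAX_VALUE; if conditions.getNotBefore() and getNotOnOrAfter() are Joda DateTimes, `plus(long)` takes the value unchanged: `if (conditions.getNotBefore().plus(Constants.CONFIG_PROPS_SKEWTIME_BEFORE).isAfterNow()) {` and `if (conditions.getNotOnOrAfter().plus(Constants.CONFIG_PROPS_SKEWTIME_AFTER).isBeforeNow()) {`. The second hunk also changes behaviour rather than only renaming: NotOnOrAfter previously had no tolerance at all, and the new code now accepts an assertion for CONFIG_PROPS_SKEWTIME_AFTER milliseconds past its expiry, a widening of the acceptance window that deserves a comment stating its reason (clock skew between the eIDAS node and this server) and reminding that it relies on this server's clock being synchronised. The validate method containing both checks starts and ends outside the hunks.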
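Review bot: The call now hands a negative value as the before-skew argument of engine.unmarshallResponseAndValidate, and whether that engine adds the argument to NotBefore (as MoaEidasConditionsValidator does in this commit) or subtracts it is not visible here; if it subtracts, a negative value tightens the window instead of loosening it. A comment at the call site stating the convention relied on, e.g. `// skew values are signed offsets added to NotBefore / NotOnOrAfter`, makes that assumption checkable by the next reader. The enclosing try block and method start and end outside the hunk.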
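Review bot: The new addProtocolBinding line and the existing addProtocolBindingLocation call just below it both spell out SAMLConstants.SAML2_POST_BINDING_URI, so a later change to one binding can leave the declared binding and its location out of step; a local such as `final String postBinding = SAMLConstants.SAML2_POST_BINDING_URI;` used in both calls keeps them tied together. The enclosing method starts and ends outside the hunk.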
