From 3e3109fbf3f93f52919f0ba6089b5488f598c149 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 4 Nov 2014 11:40:33 +0100 Subject: add clock screw to assertion time validation --- .../id/protocols/pvp2x/verification/SAMLVerificationEngine.java | 8 ++++++-- pom.xml | 2 +- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java index 4ba93f8fe..2247ad227 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java @@ -174,10 +174,14 @@ public class SAMLVerificationEngine { for (org.opensaml.saml2.core.Assertion saml2assertion : saml2assertions) { Conditions conditions = saml2assertion.getConditions(); - DateTime notbefore = conditions.getNotBefore(); + DateTime notbefore = conditions.getNotBefore().minusMinutes(5); DateTime notafter = conditions.getNotOnOrAfter(); if ( notbefore.isAfterNow() || notafter.isBeforeNow() ) { - Logger.warn("PVP2 Assertion is out of Date"); + Logger.warn("PVP2 Assertion is out of Date. " + + "{ Current : " + new DateTime() + + " NotBefore: " + notbefore + + " NotAfter : " + notafter + + " }"); } else { validatedassertions.add(saml2assertion); diff --git a/pom.xml b/pom.xml index 3407bfcd9..280c1c012 100644 --- a/pom.xml +++ b/pom.xml @@ -12,7 +12,7 @@ UTF-8 2.0.1 - 2.1.2 + 2.1.2.1 2.0.0 2.0.3 1.1.4 -- cgit v1.2.3