From 87d95e00e8dbf1824c496b8348c382d13039f6e8 Mon Sep 17 00:00:00 2001
From: Almer Bolatov
Date: Fri, 7 Jun 2019 16:30:30 +0200
Subject: [PATCH] Update conditions tag

Some of the service providers require "NotBefore" and "NotOnOrAfter" attributes in the tag. We were trying to configure `dustin-decker/saml-proxy` to work with `mujina-idp`, but came across security related exceptions which we fixed locally by adding the formentioned attributes.
---
 mujina-common/src/main/java/mujina/saml/SAMLBuilder.java | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/mujina-common/src/main/java/mujina/saml/SAMLBuilder.java b/mujina-common/src/main/java/mujina/saml/SAMLBuilder.java
index 526aef55..01000e52 100644
--- a/mujina-common/src/main/java/mujina/saml/SAMLBuilder.java
+++ b/mujina-common/src/main/java/mujina/saml/SAMLBuilder.java
@@ -103,6 +103,8 @@ public static Assertion buildAssertion(SAMLPrincipal principal, Status status, S
 audienceRestriction.getAudiences().add(audience);
 Conditions conditions = buildSAMLObject(Conditions.class, Conditions.DEFAULT_ELEMENT_NAME);
+ conditions.setNotBefore(new DateTime().minusMinutes(3));
+ conditions.setNotOnOrAfter(new DateTime().plusMinutes(3));
 conditions.getAudienceRestrictions().add(audienceRestriction);
 assertion.setConditions(conditions);
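Review bot: The two added `conditions.set…` lines each call `new DateTime()` and hard-code the 3-minute offsets, so the validity window is anchored to two slightly different instants and its size is an unexplained magic number. Because this window is what a service provider checks to reject stale or replayed assertions, I would take one timestamp and derive both bounds from it: `DateTime now = new DateTime();`, then `conditions.setNotBefore(now.minusMinutes(3));` and `conditions.setNotOnOrAfter(now.plusMinutes(3));`. The 3 would read better as a named constant with a comment such as `// back-dated to tolerate SP clock skew; kept short to limit the replay window`. `buildAssertion` starts and ends outside this hunk, so it is not visible whether the assertion's IssueInstant or a SubjectConfirmationData NotOnOrAfter is set elsewhere; if they are, they should be computed from the same instant so that the bounds agree.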