[prev in list] [next in list] [prev in thread] [next in thread] 

List:       wss4j-dev
Subject:    [jira] [Resolved] (WSS-603) Improper date check in SamlAssertionWrapper.checkIssueInstant
From:       "Colm O hEigeartaigh (JIRA)" <jira () apache ! org>
Date:       2017-03-22 15:50:42
Message-ID: JIRA.13058258.1490195612000.89717.1490197842198 () Atlassian ! JIRA
[Download RAW message or body]


     [ https://issues.apache.org/jira/browse/WSS-603?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel \
]

Colm O hEigeartaigh resolved WSS-603.
-------------------------------------
    Resolution: Fixed

> Improper date check in SamlAssertionWrapper.checkIssueInstant
> -------------------------------------------------------------
> 
> Key: WSS-603
> URL: https://issues.apache.org/jira/browse/WSS-603
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Core
> Affects Versions: 2.1.8
> Reporter: John Shipman
> Assignee: Colm O hEigeartaigh
> Priority: Blocker
> Fix For: 2.2.0, 2.0.11, 2.1.9
> 
> 
> On line 574, the code is supposed to be calculating the SAML Assertions expiration. \
> The code is calculating the lower bound on the time window, but is not properly \
> storing the calculated DateTime.  So rather than checking the Issue, and is \
> effectively checking to see if the issue date is after the current time, which is \
> never the case. The code reads:
> currentTime.minusSeconds(ttl);
> The code should read:
> currentTime = currentTime.minusSeconds(ttl);



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org


[prev in list] [next in list] [prev in thread] [next in thread]