ws-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Colm O hEigeartaigh (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (WSS-603) Improper date check in SamlAssertionWrapper.checkIssueInstant
Date Wed, 22 Mar 2017 15:37:41 GMT

     [ https://issues.apache.org/jira/browse/WSS-603?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Colm O hEigeartaigh updated WSS-603:
------------------------------------
    Fix Version/s: 2.1.9
                   2.0.11
                   2.2.0

> Improper date check in SamlAssertionWrapper.checkIssueInstant
> -------------------------------------------------------------
>
>                 Key: WSS-603
>                 URL: https://issues.apache.org/jira/browse/WSS-603
>             Project: WSS4J
>          Issue Type: Bug
>          Components: WSS4J Core
>    Affects Versions: 2.1.8
>            Reporter: John Shipman
>            Assignee: Colm O hEigeartaigh
>            Priority: Blocker
>             Fix For: 2.2.0, 2.0.11, 2.1.9
>
>
> On line 574, the code is supposed to be calculating the SAML Assertions expiration. 
The code is calculating the lower bound on the time window, but is not properly storing the
calculated DateTime.  So rather than checking the Issue, and is effectively checking to see
if the issue date is after the current time, which is never the case.
> The code reads:
>    currentTime.minusSeconds(ttl);
> The code should read:
>    currentTime = currentTime.minusSeconds(ttl);



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org


Mime
View raw message