search

javaee / metro-wsit

https://javaee.github.io/metro-wsit/
Other
9 stars 24 forks source link

SAML Assertions have illegal time value format #1478

Open glassfishrobot opened 13 years ago

glassfishrobot commented 13 years ago

When using Metro for a client that generate SAML assertions the format of time values (NotBefore, NotOnOrAfter, IssueInstant) is of the tipe "2010-10-15T11:21:31.836+02:00" that is not working with other SAML 2 implementations (i.e. IBM Datapower) as it doesnt'follow SAML 2 Core Specification that says:

"1.3.3 Time Values All SAML time values have the type xs:dateTime, which is built in to the W3C XML Schema Datatypes specification [Schema2], and MUST be expressed in UTC form, with no time zone component. SAML system entities SHOULD NOT rely on time resolution finer than milliseconds. Implementations MUST NOT generate time instants that specify leap seconds. ". So the correct time format should be: "2010-10-15T09:21:31.836Z"

The only workaround is to pass to SAMLAssertionFactory GregorianCalendar objects where the time zone is forced to UTC.

But as this is a specification requirement it should be automatically forced from the Metro framework.

Environment

Operating System: All Platform: All

Affected Versions

[2.1]

glassfishrobot commented 13 years ago

Reported by montebove@java.net

glassfishrobot commented 13 years ago

sm228678@java.net said: Assigned to myself !!

I believe we are already forcing the UTC time format with the GregorianCalendar objects

we use this saml callback handler : https://xwss.dev.java.net/files/documents/4864/50700/SamlCallbackHandler.java

glassfishrobot commented 13 years ago

montebove@java.net said: Yes, your sample saml callback handler will work fine as your GregorianCalendar have UTC time zone. But this way you leave the correctness of resulting SAML assertion to callback programmer. On my opinion Metro framework should check the time zone and if it's not UTC force it.

glassfishrobot commented 13 years ago

mmatula said: Kumar, please evaluate.

glassfishrobot commented 11 years ago

symonchang said: Workaround is available, and the issue needs to be verified. Request to waive on this release.

glassfishrobot commented 11 years ago

snajper said: IMO priority of this one be lowered or closed if we don't plan to fix this.

glassfishrobot commented 11 years ago

symonchang said: downgrade to minor

glassfishrobot commented 13 years ago

Was assigned to symonchang

glassfishrobot commented 7 years ago

This issue was imported from java.net JIRA WSIT-1478