Hi, Discussed a solution for this with Johann.
According to the SAML specification it's not mandatory to have the "SessionOnOrAfter" attribute within the "AuthnStatement" though the plugin code checks for that. If it's necessary you can add it by modifying the buildSAMLAssertion method in ResponseBuilder class. On Wed, Feb 11, 2015 at 11:40 AM, Nirmani Meegahathenna <[email protected]> wrote: > Kind Reminder on this issue. > > On Tue, Feb 10, 2015 at 3:38 PM, Nirmani Meegahathenna <[email protected]> > wrote: > >> Adding to Dev group >> >> On Tue, Feb 10, 2015 at 3:04 PM, Nirmani Meegahathenna <[email protected]> >> wrote: >> >>> Hi, >>> >>> I'm trying to integrate Jira and IS for SSO provisioning. Using LastPass >>> Jira SAML Plugin for this. >>> https://github.com/lastpass/jira-saml >>> >>> When a user tries to log in, the request is sent to IS and an >>> authentication response is sent back to Jira. And then I'm getting a server >>> 500 error due to a NullPointerException. Below is the error log. >>> >>>> Referer URL: *Unknown* >>>> >>>> java.lang.NullPointerException >>>> >>>> java.lang.NullPointerException >>>> at com.lastpass.saml.SAMLClient.validate(SAMLClient.java:219) >>>> at com.lastpass.saml.SAMLClient.validateResponse(SAMLClient.java:429) >>>> at >>>> com.lastpass.jira.SAMLAuthenticator.getUser(SAMLAuthenticator.java:165) >>>> at >>>> com.atlassian.seraph.filter.SecurityFilter.doFilter(SecurityFilter.java:136) >>>> at >>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) >>>> at >>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) >>>> at >>>> com.atlassian.security.auth.trustedapps.filter.TrustedApplicationsFilter.doFilter(TrustedApplicationsFilter.java:100) >>>> at >>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) >>>> at >>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) >>>> at >>>> com.atlassian.seraph.filter.BaseLoginFilter.doFilter(BaseLoginFilter.java:172) >>>> at >>>> com.atlassian.jira.web.filters.JiraLoginFilter.doFilter(JiraLoginFilter.java:70) >>>> at >>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) >>>> at >>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) >>>> at >>>> com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:46) >>>> at >>>> com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$1.doFilter(DelegatingPluginFilter.java:70) >>>> at >>>> com.atlassian.oauth.serviceprovider.internal.servlet.OAuthFilter.doFilter(OAuthFilter.java:79) >>>> at >>>> com.atlassian.plugin.servlet.filter.DelegatingPluginFilter.doFilter(DelegatingPluginFilter.java:78) >>>> at >>>> com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:42) >>>> at >>>> com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$1.doFilter(DelegatingPluginFilter.java:70) >>>> at >>>> com.atlassian.prettyurls.filter.PrettyUrlsCombinedMatchDispatcherFilter.doFilter(PrettyUrlsCombinedMatchDispatcherFilter.java:61) >>>> at >>>> com.atlassian.plugin.servlet.filter.DelegatingPluginFilter.doFilter(DelegatingPluginFilter.java:78) >>>> at >>>> com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:42) >>>> at >>>> com.atlassian.plugin.servlet.filter.ServletFilterModuleContainerFilter.doFilter(ServletFilterModuleContainerFilter.java:77) >>>> at >>>> com.atlassian.plugin.servlet.filter.ServletFilterModuleContainerFilter.doFilter(ServletFilterModuleContainerFilter.java:63) >>>> at >>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) >>>> at >>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) >>>> at >>>> com.atlassian.util.profiling.filters.ProfilingFilter.doFilter(ProfilingFilter.java:99) >>>> at >>>> com.atlassian.jira.web.filters.JIRAProfilingFilter.doFilter(JIRAProfilingFilter.java:19) >>>> at >>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) >>>> at >>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) >>>> at >>>> com.atlassian.johnson.filters.AbstractJohnsonFilter.doFilter(AbstractJohnsonFilter.java:71) >>>> at >>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) >>>> at >>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) >>>> at >>>> org.tuckey.web.filters.urlrewrite.RuleChain.handleRewrite(RuleChain.java:176) >>>> at >>>> org.tuckey.web.filters.urlrewrite.RuleChain.doRules(RuleChain.java:145) >>>> at >>>> org.tuckey.web.filters.urlrewrite.UrlRewriter.processRequest(UrlRewriter.java:92) >>>> at >>>> org.tuckey.web.filters.urlrewrite.UrlRewriteFilter.doFilter(UrlRewriteFilter.java:394) >>>> at >>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) >>>> at >>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) >>>> at >>>> com.atlassian.gzipfilter.GzipFilter.doFilterInternal(GzipFilter.java:82) >>>> at com.atlassian.gzipfilter.GzipFilter.doFilter(GzipFilter.java:59) >>>> at >>>> com.atlassian.jira.web.filters.gzip.JiraGzipFilter.doFilter(JiraGzipFilter.java:55) >>>> at >>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) >>>> at >>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) >>>> at >>>> com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:46) >>>> at >>>> com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$1.doFilter(DelegatingPluginFilter.java:70) >>>> at >>>> com.atlassian.analytics.client.filter.JiraAnalyticsFilter.doFilter(JiraAnalyticsFilter.java:40) >>>> at >>>> com.atlassian.analytics.client.filter.AbstractHttpFilter.doFilter(AbstractHttpFilter.java:32) >>>> at >>>> com.atlassian.plugin.servlet.filter.DelegatingPluginFilter.doFilter(DelegatingPluginFilter.java:78) >>>> at >>>> com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:42) >>>> at >>>> com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$1.doFilter(DelegatingPluginFilter.java:70) >>>> at >>>> com.atlassian.prettyurls.filter.PrettyUrlsCombinedMatchDispatcherFilter.doFilter(PrettyUrlsCombinedMatchDispatcherFilter.java:61) >>>> at >>>> com.atlassian.plugin.servlet.filter.DelegatingPluginFilter.doFilter(DelegatingPluginFilter.java:78) >>>> at >>>> com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:42) >>>> at >>>> com.atlassian.plugin.servlet.filter.ServletFilterModuleContainerFilter.doFilter(ServletFilterModuleContainerFilter.java:77) >>>> at >>>> com.atlassian.plugin.servlet.filter.ServletFilterModuleContainerFilter.doFilter(ServletFilterModuleContainerFilter.java:63) >>>> at >>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) >>>> at >>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) >>>> at >>>> com.atlassian.jira.web.filters.steps.ChainedFilterStepRunner.doFilter(ChainedFilterStepRunner.java:87) >>>> at >>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) >>>> at >>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) >>>> at >>>> com.atlassian.core.filters.cache.AbstractCachingFilter.doFilter(AbstractCachingFilter.java:33) >>>> at >>>> com.atlassian.core.filters.AbstractHttpFilter.doFilter(AbstractHttpFilter.java:31) >>>> at >>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) >>>> at >>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) >>>> at >>>> com.atlassian.core.filters.encoding.AbstractEncodingFilter.doFilter(AbstractEncodingFilter.java:41) >>>> at >>>> com.atlassian.core.filters.AbstractHttpFilter.doFilter(AbstractHttpFilter.java:31) >>>> at >>>> com.atlassian.jira.web.filters.PathMatchingEncodingFilter.doFilter(PathMatchingEncodingFilter.java:49) >>>> at >>>> com.atlassian.core.filters.AbstractHttpFilter.doFilter(AbstractHttpFilter.java:31) >>>> at >>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) >>>> at >>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) >>>> at >>>> com.atlassian.jira.startup.JiraStartupChecklistFilter.doFilter(JiraStartupChecklistFilter.java:79) >>>> at >>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) >>>> at >>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) >>>> at >>>> com.atlassian.jira.web.filters.MultipartBoundaryCheckFilter.doFilter(MultipartBoundaryCheckFilter.java:41) >>>> at >>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) >>>> at >>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) >>>> at >>>> com.atlassian.jira.web.filters.steps.ChainedFilterStepRunner.doFilter(ChainedFilterStepRunner.java:87) >>>> at >>>> com.atlassian.jira.web.filters.JiraFirstFilter.doFilter(JiraFirstFilter.java:60) >>>> at >>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) >>>> at >>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) >>>> at >>>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220) >>>> at >>>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122) >>>> at >>>> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501) >>>> at >>>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171) >>>> at >>>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103) >>>> at >>>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116) >>>> at >>>> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950) >>>> at >>>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408) >>>> at >>>> org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1070) >>>> at >>>> org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611) >>>> at >>>> org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316) >>>> at >>>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) >>>> at >>>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) >>>> at >>>> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) >>>> at java.lang.Thread.run(Thread.java:724) >>>> >>>> This is the code snippet where the Exception occurs. >>> >>>> for (AuthnStatement as: assertion.getAuthnStatements()) { >>>> >>>> DateTime exp = >>>>> as.getSessionNotOnOrAfter().plusSeconds(slack); >>>> >>>> if (exp != null && >>>> >>>> (now.isEqual(exp) || now.isAfter(exp))) >>>> >>>> throw new ValidationException( >>>> >>>> "AuthnStatement has expired"); >>>> >>>> } >>>> >>>> Full code is in here. >>> >>> https://github.com/lastpass/saml-sdk-java/blob/master/src/com/lastpass/saml/SAMLClient.java#L219 >>> >>> This happens because it checks for session's "NotOnOrAfter" attribute >>> within the "AuthnStatement", but it is outside the "AuthnStatement" in the >>> SAML Response sent from IS. >>> >>> Here is the SAML Response sent from IS. >>> >>>> <saml2p:Response Destination="http://localhost:8085/saml_acs.jsp"; >>>>> >>>> ID="ikomjgjecbhlnfkjfjdanfkfeiikllpoehfpbglp" >>>> >>>> >>>>> >>>>> InResponseTo="470a8e67051a1cf2c9878e183e98530385c052ae42863df46c431043ed9ba7e7" >>>> >>>> IssueInstant="2015-02-10T06:11:48.139Z" >>>> >>>> Version="2.0" >>>> >>>> xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" >>>> >>>> > >>>> >>>> <saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" >>>> >>>> xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" >>>> >>>> >localhost</saml2:Issuer> >>>> >>>> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#";> >>>> >>>> <ds:SignedInfo> >>>> >>>> <ds:CanonicalizationMethod Algorithm=" >>>>> http://www.w3.org/2001/10/xml-exc-c14n#"; /> >>>> >>>> <ds:SignatureMethod Algorithm=" >>>>> http://www.w3.org/2000/09/xmldsig#rsa-sha1"; /> >>>> >>>> <ds:Reference URI="#ikomjgjecbhlnfkjfjdanfkfeiikllpoehfpbglp"> >>>> >>>> <ds:Transforms> >>>> >>>> <ds:Transform Algorithm=" >>>>> http://www.w3.org/2000/09/xmldsig#enveloped-signature"; /> >>>> >>>> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; /> >>>> >>>> </ds:Transforms> >>>> >>>> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; /> >>>> >>>> <ds:DigestValue>pp7QlMArRO18k3QRZPWBcYXb/zg=</ds:DigestValue> >>>> >>>> </ds:Reference> >>>> >>>> </ds:SignedInfo> >>>> >>>> >>>>> <ds:SignatureValue>YeEsHiFI97brhZl4are0bBmFdp43t7i1ZI5vygUpQdXe/xOxJ50TheZU4e9NDtGzmRUMFPPwOq2/3hMzlNEnhyIA71yOq3DzQXV0qoYmxnWJ3Wzr0Zffm89VzuTpJ/Sg7puW1Jnc6jSAe6pprz/UVXwwqZNgizSVKwJ4a/uP6lo=</ds:SignatureValue> >>>> >>>> <ds:KeyInfo> >>>> >>>> <ds:X509Data> >>>> >>>> >>>>> <ds:X509Certificate>MIICNTCCAZ6gAwIBAgIES343gjANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxDTALBgNVBAoMBFdTTzIxEjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0xMDAyMTkwNzAyMjZaFw0zNTAyMTMwNzAyMjZaMFUxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzENMAsGA1UECgwEV1NPMjESMBAGA1UEAwwJbG9jYWxob3N0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCUp/oV1vWc8/TkQSiAvTousMzOM4asB2iltr2QKozni5aVFu818MpOLZIr8LMnTzWllJvvaA5RAAdpbECb+48FjbBe0hseUdN5HpwvnH/DW8ZccGvk53I6Orq7hLCv1ZHtuOCokghz/ATrhyPq+QktMfXnRS4HrKGJTzxaCcU7OQIDAQABoxIwEDAOBgNVHQ8BAf8EBAMCBPAwDQYJKoZIhvcNAQEFBQADgYEAW5wPR7cr1LAdq+IrR44iQlRG5ITCZXY9hI0PygLP2rHANh+PYfTmxbuOnykNGyhM6FjFLbW2uZHQTY1jMrPprjOrmyK5sjJRO4d1DeGHT/YnIjs9JogRKv4XHECwLtIVdAbIdWHEtVZJyMSktcyysFcvuhPQK8Qc/E/Wq8uHSCo=</ds:X509Certificate> >>>> >>>> </ds:X509Data> >>>> >>>> </ds:KeyInfo> >>>> >>>> </ds:Signature> >>>> >>>> <saml2p:Status> >>>> >>>> <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /> >>>> >>>> </saml2p:Status> >>>> >>>> <saml2:Assertion ID="bgjkdehpojbjkllkmgpegofieacjnjfgbenlnhkb" >>>> >>>> IssueInstant="2015-02-10T06:11:48.141Z" >>>> >>>> Version="2.0" >>>> >>>> xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" >>>> >>>> > >>>> >>>> <saml2:Issuer >>>>> Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">localhost</saml2:Issuer> >>>> >>>> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#";> >>>> >>>> <ds:SignedInfo> >>>> >>>> <ds:CanonicalizationMethod Algorithm=" >>>>> http://www.w3.org/2001/10/xml-exc-c14n#"; /> >>>> >>>> <ds:SignatureMethod Algorithm=" >>>>> http://www.w3.org/2000/09/xmldsig#rsa-sha1"; /> >>>> >>>> <ds:Reference URI="#bgjkdehpojbjkllkmgpegofieacjnjfgbenlnhkb"> >>>> >>>> <ds:Transforms> >>>> >>>> <ds:Transform Algorithm=" >>>>> http://www.w3.org/2000/09/xmldsig#enveloped-signature"; /> >>>> >>>> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; /> >>>> >>>> </ds:Transforms> >>>> >>>> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; /> >>>> >>>> <ds:DigestValue>3vMPs2Ks1e2C3mHLAYWmzsHMyfc=</ds:DigestValue> >>>> >>>> </ds:Reference> >>>> >>>> </ds:SignedInfo> >>>> >>>> >>>>> <ds:SignatureValue>A2FMg9XlfTmngFQLMWBvOZcvwWPZUrK68aZPJLFSD5GHl9ZMN2cNbebj1XW7frocnbaYO48VUzdXG+Wl3rVzHAtIYQ5VlDC+5DNyTBYvqps8LmRV5OzVcevBgeqr/miOkixuCrcOeTvYVHh3RNuHMAM/IE35/xa8/wMuklNrwl8=</ds:SignatureValue> >>>> >>>> <ds:KeyInfo> >>>> >>>> <ds:X509Data> >>>> >>>> >>>>> <ds:X509Certificate>MIICNTCCAZ6gAwIBAgIES343gjANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxDTALBgNVBAoMBFdTTzIxEjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0xMDAyMTkwNzAyMjZaFw0zNTAyMTMwNzAyMjZaMFUxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzENMAsGA1UECgwEV1NPMjESMBAGA1UEAwwJbG9jYWxob3N0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCUp/oV1vWc8/TkQSiAvTousMzOM4asB2iltr2QKozni5aVFu818MpOLZIr8LMnTzWllJvvaA5RAAdpbECb+48FjbBe0hseUdN5HpwvnH/DW8ZccGvk53I6Orq7hLCv1ZHtuOCokghz/ATrhyPq+QktMfXnRS4HrKGJTzxaCcU7OQIDAQABoxIwEDAOBgNVHQ8BAf8EBAMCBPAwDQYJKoZIhvcNAQEFBQADgYEAW5wPR7cr1LAdq+IrR44iQlRG5ITCZXY9hI0PygLP2rHANh+PYfTmxbuOnykNGyhM6FjFLbW2uZHQTY1jMrPprjOrmyK5sjJRO4d1DeGHT/YnIjs9JogRKv4XHECwLtIVdAbIdWHEtVZJyMSktcyysFcvuhPQK8Qc/E/Wq8uHSCo=</ds:X509Certificate> >>>> >>>> </ds:X509Data> >>>> >>>> </ds:KeyInfo> >>>> >>>> </ds:Signature> >>>> >>>> <saml2:Subject> >>>> >>>> <saml2:NameID >>>>> Format="urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress">admina</saml2:NameID> >>>> >>>> <saml2:SubjectConfirmation >>>>> Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"> >>>> >>>> <saml2:SubjectConfirmationData >>>>> InResponseTo="470a8e67051a1cf2c9878e183e98530385c052ae42863df46c431043ed9ba7e7" >>>> >>>> NotOnOrAfter="2015-02-10T06:16:48.139Z" >>>> >>>> Recipient=" >>>>> http://localhost:8085/saml_acs.jsp"; >>>> >>>> /> >>>> >>>> </saml2:SubjectConfirmation> >>>> >>>> </saml2:Subject> >>>> >>>> <saml2:Conditions NotBefore="2015-02-10T06:11:48.141Z" >>>> >>>> NotOnOrAfter="2015-02-10T06:16:48.139Z" >>>> >>>> > >>>> >>>> <saml2:AudienceRestriction> >>>> >>>> <saml2:Audience>http://localhost:8085/secure/Dashboard.jspa >>>>> </saml2:Audience> >>>> >>>> </saml2:AudienceRestriction> >>>> >>>> </saml2:Conditions> >>>> >>>> <saml2:AuthnStatement AuthnInstant="2015-02-10T06:11:48.146Z" >>>> >>>> >>>>> SessionIndex="2a5faf12-9d84-476c-94c3-e493a04960ae" >>>> >>>> > >>>> >>>> <saml2:AuthnContext> >>>> >>>> >>>>> <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml2:AuthnContextClassRef> >>>> >>>> </saml2:AuthnContext> >>>> >>>> </saml2:AuthnStatement> >>>> >>>> </saml2:Assertion> >>>> >>>> </saml2p:Response> >>>> >>>> >>> Is there any way I can get session's "NotOnOrAfter" attribute within the >>> "AuthnStatement" in the SAML Response from IS. >>> >>> Thanks and Regards. >>> >>> -- >>> Nirmani Meegahathenna >>> *Software Engineer Intern* >>> Mobile : +94 (0) 775 507684 >>> [email protected] <[email protected]> >>> >> >> >> >> -- >> Nirmani Meegahathenna >> *Software Engineer Intern* >> Mobile : +94 (0) 775 507684 >> [email protected] <[email protected]> >> > > > > -- > Nirmani Meegahathenna > *Software Engineer Intern* > Mobile : +94 (0) 775 507684 > [email protected] <[email protected]> > -- Nirmani Meegahathenna *Software Engineer Intern* Mobile : +94 (0) 775 507684 [email protected] <[email protected]>
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
