Copying Ishara

On Wed, Feb 11, 2015 at 2:32 PM, Nirmani Meegahathenna <[email protected]>
wrote:

> Hi,
>
> Discussed a solution for this with Johann.
>
> According to the SAML specification it's not mandatory to have the
> "SessionOnOrAfter" attribute within the "AuthnStatement" though the plugin
> code checks for that. If it's necessary, you can add it by modifying the
> buildSAMLAssertion method in the ResponseBuilder class.
>
> On Wed, Feb 11, 2015 at 11:40 AM, Nirmani Meegahathenna <[email protected]>
> wrote:
>
>> Kind Reminder on this issue.
>>
>> On Tue, Feb 10, 2015 at 3:38 PM, Nirmani Meegahathenna <[email protected]>
>> wrote:
>>
>>> Adding to Dev group
>>>
>>> On Tue, Feb 10, 2015 at 3:04 PM, Nirmani Meegahathenna <[email protected]> wrote:
>>>
>>>> Hi,
>>>>
>>>> I'm trying to integrate Jira and IS for SSO provisioning. I'm using the
>>>> LastPass Jira SAML Plugin for this.
>>>> https://github.com/lastpass/jira-saml
>>>>
>>>> When a user tries to log in, the request is sent to IS and an
>>>> authentication response is sent back to Jira. And then I'm getting a server
>>>> 500 error due to a NullPointerException. Below is the error log.
>>>>
>>>>> Referer URL: *Unknown*
>>>>>
>>>>> java.lang.NullPointerException
>>>>>
>>>>> java.lang.NullPointerException
>>>>>   at com.lastpass.saml.SAMLClient.validate(SAMLClient.java:219)
>>>>>   at com.lastpass.saml.SAMLClient.validateResponse(SAMLClient.java:429)
>>>>>   at com.lastpass.jira.SAMLAuthenticator.getUser(SAMLAuthenticator.java:165)
>>>>>   at com.atlassian.seraph.filter.SecurityFilter.doFilter(SecurityFilter.java:136)
>>>>>   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>>>>   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>>>>   at com.atlassian.security.auth.trustedapps.filter.TrustedApplicationsFilter.doFilter(TrustedApplicationsFilter.java:100)
>>>>>   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>>>>   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>>>>   at com.atlassian.seraph.filter.BaseLoginFilter.doFilter(BaseLoginFilter.java:172)
>>>>>   at com.atlassian.jira.web.filters.JiraLoginFilter.doFilter(JiraLoginFilter.java:70)
>>>>>   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>>>>   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>>>>   at com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:46)
>>>>>   at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$1.doFilter(DelegatingPluginFilter.java:70)
>>>>>   at com.atlassian.oauth.serviceprovider.internal.servlet.OAuthFilter.doFilter(OAuthFilter.java:79)
>>>>>   at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter.doFilter(DelegatingPluginFilter.java:78)
>>>>>   at com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:42)
>>>>>   at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$1.doFilter(DelegatingPluginFilter.java:70)
>>>>>   at com.atlassian.prettyurls.filter.PrettyUrlsCombinedMatchDispatcherFilter.doFilter(PrettyUrlsCombinedMatchDispatcherFilter.java:61)
>>>>>   at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter.doFilter(DelegatingPluginFilter.java:78)
>>>>>   at com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:42)
>>>>>   at com.atlassian.plugin.servlet.filter.ServletFilterModuleContainerFilter.doFilter(ServletFilterModuleContainerFilter.java:77)
>>>>>   at com.atlassian.plugin.servlet.filter.ServletFilterModuleContainerFilter.doFilter(ServletFilterModuleContainerFilter.java:63)
>>>>>   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>>>>   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>>>>   at com.atlassian.util.profiling.filters.ProfilingFilter.doFilter(ProfilingFilter.java:99)
>>>>>   at com.atlassian.jira.web.filters.JIRAProfilingFilter.doFilter(JIRAProfilingFilter.java:19)
>>>>>   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>>>>   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>>>>   at com.atlassian.johnson.filters.AbstractJohnsonFilter.doFilter(AbstractJohnsonFilter.java:71)
>>>>>   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>>>>   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>>>>   at org.tuckey.web.filters.urlrewrite.RuleChain.handleRewrite(RuleChain.java:176)
>>>>>   at org.tuckey.web.filters.urlrewrite.RuleChain.doRules(RuleChain.java:145)
>>>>>   at org.tuckey.web.filters.urlrewrite.UrlRewriter.processRequest(UrlRewriter.java:92)
>>>>>   at org.tuckey.web.filters.urlrewrite.UrlRewriteFilter.doFilter(UrlRewriteFilter.java:394)
>>>>>   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>>>>   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>>>>   at com.atlassian.gzipfilter.GzipFilter.doFilterInternal(GzipFilter.java:82)
>>>>>   at com.atlassian.gzipfilter.GzipFilter.doFilter(GzipFilter.java:59)
>>>>>   at com.atlassian.jira.web.filters.gzip.JiraGzipFilter.doFilter(JiraGzipFilter.java:55)
>>>>>   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>>>>   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>>>>   at com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:46)
>>>>>   at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$1.doFilter(DelegatingPluginFilter.java:70)
>>>>>   at com.atlassian.analytics.client.filter.JiraAnalyticsFilter.doFilter(JiraAnalyticsFilter.java:40)
>>>>>   at com.atlassian.analytics.client.filter.AbstractHttpFilter.doFilter(AbstractHttpFilter.java:32)
>>>>>   at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter.doFilter(DelegatingPluginFilter.java:78)
>>>>>   at com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:42)
>>>>>   at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$1.doFilter(DelegatingPluginFilter.java:70)
>>>>>   at com.atlassian.prettyurls.filter.PrettyUrlsCombinedMatchDispatcherFilter.doFilter(PrettyUrlsCombinedMatchDispatcherFilter.java:61)
>>>>>   at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter.doFilter(DelegatingPluginFilter.java:78)
>>>>>   at com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:42)
>>>>>   at com.atlassian.plugin.servlet.filter.ServletFilterModuleContainerFilter.doFilter(ServletFilterModuleContainerFilter.java:77)
>>>>>   at com.atlassian.plugin.servlet.filter.ServletFilterModuleContainerFilter.doFilter(ServletFilterModuleContainerFilter.java:63)
>>>>>   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>>>>   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>>>>   at com.atlassian.jira.web.filters.steps.ChainedFilterStepRunner.doFilter(ChainedFilterStepRunner.java:87)
>>>>>   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>>>>   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>>>>   at com.atlassian.core.filters.cache.AbstractCachingFilter.doFilter(AbstractCachingFilter.java:33)
>>>>>   at com.atlassian.core.filters.AbstractHttpFilter.doFilter(AbstractHttpFilter.java:31)
>>>>>   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>>>>   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>>>>   at com.atlassian.core.filters.encoding.AbstractEncodingFilter.doFilter(AbstractEncodingFilter.java:41)
>>>>>   at com.atlassian.core.filters.AbstractHttpFilter.doFilter(AbstractHttpFilter.java:31)
>>>>>   at com.atlassian.jira.web.filters.PathMatchingEncodingFilter.doFilter(PathMatchingEncodingFilter.java:49)
>>>>>   at com.atlassian.core.filters.AbstractHttpFilter.doFilter(AbstractHttpFilter.java:31)
>>>>>   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>>>>   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>>>>   at com.atlassian.jira.startup.JiraStartupChecklistFilter.doFilter(JiraStartupChecklistFilter.java:79)
>>>>>   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>>>>   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>>>>   at com.atlassian.jira.web.filters.MultipartBoundaryCheckFilter.doFilter(MultipartBoundaryCheckFilter.java:41)
>>>>>   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>>>>   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>>>>   at com.atlassian.jira.web.filters.steps.ChainedFilterStepRunner.doFilter(ChainedFilterStepRunner.java:87)
>>>>>   at com.atlassian.jira.web.filters.JiraFirstFilter.doFilter(JiraFirstFilter.java:60)
>>>>>   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>>>>   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>>>>   at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
>>>>>   at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
>>>>>   at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501)
>>>>>   at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
>>>>>   at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
>>>>>   at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
>>>>>   at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
>>>>>   at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
>>>>>   at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1070)
>>>>>   at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611)
>>>>>   at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316)
>>>>>   at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
>>>>>   at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
>>>>>   at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>>>>>   at java.lang.Thread.run(Thread.java:724)
>>>>>
>>>>> This is the code snippet where the Exception occurs.
>>>>
>>>>> for (AuthnStatement as: assertion.getAuthnStatements()) {
>>>>>     DateTime exp = as.getSessionNotOnOrAfter().plusSeconds(slack);
>>>>>     if (exp != null &&
>>>>>         (now.isEqual(exp) || now.isAfter(exp)))
>>>>>         throw new ValidationException(
>>>>>             "AuthnStatement has expired");
>>>>> }
>>>>>
>>>>> Full code is in here.
>>>>
>>>> https://github.com/lastpass/saml-sdk-java/blob/master/src/com/lastpass/saml/SAMLClient.java#L219
>>>>
>>>> This happens because it checks for session's "NotOnOrAfter" attribute
>>>> within the "AuthnStatement", but it is outside the "AuthnStatement" in the
>>>> SAML Response sent from IS.
>>>>
>>>> Here is the SAML Response sent from IS.
>>>>
>>>>> <saml2p:Response Destination="http://localhost:8085/saml_acs.jsp"
>>>>>                  ID="ikomjgjecbhlnfkjfjdanfkfeiikllpoehfpbglp"
>>>>>                  InResponseTo="470a8e67051a1cf2c9878e183e98530385c052ae42863df46c431043ed9ba7e7"
>>>>>                  IssueInstant="2015-02-10T06:11:48.139Z"
>>>>>                  Version="2.0"
>>>>>                  xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
>>>>>                  >
>>>>>   <saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity"
>>>>>                 xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
>>>>>                 >localhost</saml2:Issuer>
>>>>>   <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>>>>>     <ds:SignedInfo>
>>>>>       <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>>>>>       <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
>>>>>       <ds:Reference URI="#ikomjgjecbhlnfkjfjdanfkfeiikllpoehfpbglp">
>>>>>         <ds:Transforms>
>>>>>           <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
>>>>>           <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>>>>>         </ds:Transforms>
>>>>>         <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
>>>>>         <ds:DigestValue>pp7QlMArRO18k3QRZPWBcYXb/zg=</ds:DigestValue>
>>>>>       </ds:Reference>
>>>>>     </ds:SignedInfo>
>>>>>     <ds:SignatureValue>YeEsHiFI97brhZl4are0bBmFdp43t7i1ZI5vygUpQdXe/xOxJ50TheZU4e9NDtGzmRUMFPPwOq2/3hMzlNEnhyIA71yOq3DzQXV0qoYmxnWJ3Wzr0Zffm89VzuTpJ/Sg7puW1Jnc6jSAe6pprz/UVXwwqZNgizSVKwJ4a/uP6lo=</ds:SignatureValue>
>>>>>     <ds:KeyInfo>
>>>>>       <ds:X509Data>
>>>>>         <ds:X509Certificate>...</ds:X509Certificate>
>>>>>       </ds:X509Data>
>>>>>     </ds:KeyInfo>
>>>>>   </ds:Signature>
>>>>>   <saml2p:Status>
>>>>>     <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
>>>>>   </saml2p:Status>
>>>>>   <saml2:Assertion ID="bgjkdehpojbjkllkmgpegofieacjnjfgbenlnhkb"
>>>>>                    IssueInstant="2015-02-10T06:11:48.141Z"
>>>>>                    Version="2.0"
>>>>>                    xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
>>>>>                    >
>>>>>     <saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">localhost</saml2:Issuer>
>>>>>     <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>>>>>       <ds:SignedInfo>
>>>>>         <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>>>>>         <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
>>>>>         <ds:Reference URI="#bgjkdehpojbjkllkmgpegofieacjnjfgbenlnhkb">
>>>>>           <ds:Transforms>
>>>>>             <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
>>>>>             <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>>>>>           </ds:Transforms>
>>>>>           <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
>>>>>           <ds:DigestValue>3vMPs2Ks1e2C3mHLAYWmzsHMyfc=</ds:DigestValue>
>>>>>         </ds:Reference>
>>>>>       </ds:SignedInfo>
>>>>>       <ds:SignatureValue>A2FMg9XlfTmngFQLMWBvOZcvwWPZUrK68aZPJLFSD5GHl9ZMN2cNbebj1XW7frocnbaYO48VUzdXG+Wl3rVzHAtIYQ5VlDC+5DNyTBYvqps8LmRV5OzVcevBgeqr/miOkixuCrcOeTvYVHh3RNuHMAM/IE35/xa8/wMuklNrwl8=</ds:SignatureValue>
>>>>>       <ds:KeyInfo>
>>>>>         <ds:X509Data>
>>>>>           <ds:X509Certificate>...</ds:X509Certificate>
>>>>>         </ds:X509Data>
>>>>>       </ds:KeyInfo>
>>>>>     </ds:Signature>
>>>>>     <saml2:Subject>
>>>>>       <saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress">admina</saml2:NameID>
>>>>>       <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
>>>>>         <saml2:SubjectConfirmationData InResponseTo="470a8e67051a1cf2c9878e183e98530385c052ae42863df46c431043ed9ba7e7"
>>>>>                                        NotOnOrAfter="2015-02-10T06:16:48.139Z"
>>>>>                                        Recipient="http://localhost:8085/saml_acs.jsp"
>>>>>                                        />
>>>>>       </saml2:SubjectConfirmation>
>>>>>     </saml2:Subject>
>>>>>     <saml2:Conditions NotBefore="2015-02-10T06:11:48.141Z"
>>>>>                       NotOnOrAfter="2015-02-10T06:16:48.139Z"
>>>>>                       >
>>>>>       <saml2:AudienceRestriction>
>>>>>         <saml2:Audience>http://localhost:8085/secure/Dashboard.jspa</saml2:Audience>
>>>>>       </saml2:AudienceRestriction>
>>>>>     </saml2:Conditions>
>>>>>     <saml2:AuthnStatement AuthnInstant="2015-02-10T06:11:48.146Z"
>>>>>                           SessionIndex="2a5faf12-9d84-476c-94c3-e493a04960ae"
>>>>>                           >
>>>>>       <saml2:AuthnContext>
>>>>>         <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml2:AuthnContextClassRef>
>>>>>       </saml2:AuthnContext>
>>>>>     </saml2:AuthnStatement>
>>>>>   </saml2:Assertion>
>>>>> </saml2p:Response>
>>>>>
>>>>>
>>>> Is there any way I can get the session's "NotOnOrAfter" attribute within
>>>> the "AuthnStatement" in the SAML Response from IS?
>>>>
>>>> Thanks and Regards.
>>>>
>>>> --
>>>> Nirmani Meegahathenna
>>>> *Software Engineer Intern*
>>>> Mobile : +94 (0) 775 507684
>>>> [email protected] <[email protected]>



-- 
Nirmani Meegahathenna
*Software Engineer Intern*
Mobile : +94 (0) 775 507684
[email protected] <[email protected]>
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
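
A null-safe form of the expiry check discussed in this thread, as an added example that is not the plugin's or WSO2's code. It uses only the JDK (DOM and java.time) in place of OpenSAML and Joda-Time; the class and method names are hypothetical, the sample assertions are constructed, and signature and Conditions validation are assumed to happen elsewhere.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.time.Instant;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class AuthnStatementExpiryCheck {
    static final String SAML2_NS = "urn:oasis:names:tc:SAML:2.0:assertion";

    /** Throws if any AuthnStatement carries a SessionNotOnOrAfter that has passed (plus slack). */
    static void checkSessionExpiry(Document doc, Instant now, long slackSeconds) {
        NodeList stmts = doc.getElementsByTagNameNS(SAML2_NS, "AuthnStatement");
        for (int i = 0; i < stmts.getLength(); i++) {
            Element stmt = (Element) stmts.item(i);
            // The attribute is optional: test for presence before doing any arithmetic on it.
            if (!stmt.hasAttribute("SessionNotOnOrAfter")) {
                continue;
            }
            Instant exp = Instant.parse(stmt.getAttribute("SessionNotOnOrAfter"))
                                 .plusSeconds(slackSeconds);
            // Same condition as the original snippet: now is equal to or after exp.
            if (!now.isBefore(exp)) {
                throw new IllegalStateException("AuthnStatement has expired");
            }
        }
    }

    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        // Assertions are untrusted input: refuse DOCTYPE declarations outright.
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return dbf.newDocumentBuilder()
                  .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
    }

    public static void main(String[] args) throws Exception {
        String open = "<saml2:Assertion xmlns:saml2=\"" + SAML2_NS + "\">"
                    + "<saml2:AuthnStatement AuthnInstant=\"2015-02-10T06:11:48.146Z\"";
        String close = "/></saml2:Assertion>";
        // Constructed samples: the first mirrors the thread (attribute absent).
        String absent = open + close;
        String present = open + " SessionNotOnOrAfter=\"2015-02-10T06:16:48.139Z\"" + close;
        Instant now = Instant.parse("2015-02-10T06:12:00Z");

        checkSessionExpiry(parse(absent), now, 60);   // passes: no session limit to enforce
        checkSessionExpiry(parse(present), now, 60);  // passes: still inside the window
        try {
            checkSessionExpiry(parse(present), now.plusSeconds(600), 60);
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

When the attribute is absent, the assertion's lifetime is still bounded by the NotOnOrAfter values on Conditions and SubjectConfirmationData, which the response in this thread does carry.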
