I am running into an issue with service-side WS-Security for a SAML token.

I am getting the error:
org.apache.ws.security.WSSecurityException: General security error (SAML token security failure)
        at org.apache.ws.security.validate.SamlAssertionValidator.checkConditions(SamlAssertionValidator.java:157)

But the only real info I get as to what the error might be is this DEBUG log:

2014-10-03 15:28:31,490 [WebContainer : 0] org.apache.ws.security.validate.SamlAssertionValidator.checkConditions(SamlAssertionValidator.java:156) DEBUG : SAML Token condition (Not On Or After) not met

However, if I look at the issue time of the SAML assertion and at its (Not On Or
After) SAML conditions, it still falls between these SAML conditions (see
SAML assertion below).  So what could be causing this error, as it certainly
seems that it should not be failing any (Not On Or After) check, as 20:08 is
certainly within 20:06 to 20:13.

SAML Assertion:

<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
ID="SamlAssertion-7f299a8374127abc6f5ca966bf50d525"
IssueInstant="2014-10-03T20:08:33.564Z" Version="2.0">
<saml2:Issuer>https://mysts/endpoint1</saml2:Issuer>
<saml2:Subject>
<saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
NameQualifier="">jeffc</saml2:NameID>
<saml2:SubjectConfirmation
Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"></saml2:SubjectConfirmation>
</saml2:Subject>
<saml2:Conditions NotBefore="2014-10-03T20:06:33.565Z"
NotOnOrAfter="2014-10-03T20:13:33.565Z"></saml2:Conditions>
<saml2:AttributeStatement>
<saml2:Attribute Name="cn"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
<saml2:AttributeValue>cn=EVENT_TAB,ou=Admin,ou=Authorities,ou=MyApp1,ou=Services,o=LDAP</saml2:AttributeValue>
</saml2:Attribute>
</saml2:AttributeStatement>
<saml2:AuthnStatement AuthnInstant="2014-10-03T20:08:33.564Z">
<saml2:SubjectLocality Address="10.134.99.99"></saml2:SubjectLocality>
<saml2:AuthnContext>
<saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml2:AuthnContextClassRef>
</saml2:AuthnContext>
</saml2:AuthnStatement>
</saml2:Assertion>






--
View this message in context: 
http://cxf.547215.n5.nabble.com/SamlAssertionValidator-SAML-Token-condition-Not-On-Or-After-not-met-tp5749413.html
Sent from the cxf-user mailing list archive at Nabble.com.
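
An added diagnostic example, not part of the original post and not WSS4J's code: it evaluates an assertion's Conditions window at an explicit validation instant, because the Not On Or After check is made against the validating server's clock when the message is processed, not against IssueInstant. The function names, the skew parameter and the 20-minute offset are assumptions made for illustration; the sample XML is constructed from the timestamps in the assertion above.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta

SAML2_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed sample: only the time-related attributes, with the
# timestamps taken from the assertion quoted in the post.
SAMPLE = """<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
 ID="sample" IssueInstant="2014-10-03T20:08:33.564Z" Version="2.0">
<saml2:Conditions NotBefore="2014-10-03T20:06:33.565Z"
 NotOnOrAfter="2014-10-03T20:13:33.565Z"/>
</saml2:Assertion>"""

def parse_instant(value):
    """Parse a UTC xs:dateTime ('Z' suffix) into a timezone-aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def issue_instant(assertion_xml):
    """Return the assertion's IssueInstant as an aware datetime."""
    return parse_instant(ET.fromstring(assertion_xml).get("IssueInstant"))

def check_conditions(assertion_xml, now, skew=timedelta(0)):
    """Evaluate the Conditions window at `now` (the validator's clock).

    Returns (ok, reason). `skew` is an allowed clock difference (assumption).
    Diagnostic use on a captured assertion only; parse untrusted XML with a
    hardened parser such as defusedxml.
    """
    if now.tzinfo is None:
        raise ValueError("now must be timezone-aware; naive local time hides offsets")
    cond = ET.fromstring(assertion_xml).find(f"{{{SAML2_NS}}}Conditions")
    if cond is None:
        return True, "no Conditions element"
    not_before = cond.get("NotBefore")
    not_on_or_after = cond.get("NotOnOrAfter")
    if not_before and now + skew < parse_instant(not_before):
        return False, "NotBefore not met"
    if not_on_or_after and now - skew >= parse_instant(not_on_or_after):
        return False, "NotOnOrAfter not met"
    return True, "within window"

if __name__ == "__main__":
    issued = issue_instant(SAMPLE)
    # IssueInstant itself lies inside the window ...
    print(check_conditions(SAMPLE, issued))
    # ... but a validator whose clock reads 20 minutes later rejects the token.
    print(check_conditions(SAMPLE, issued + timedelta(minutes=20)))
```

Passing in the validating server's UTC time at the moment of the failure shows which bound of the window was crossed.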
