mace-opensaml-users - RE: What's the purpose of 5 addititional minutes in SAMLPostProfile.accept() check?
Subject: OpenSAML user discussion
List archive
RE: What's the purpose of 5 addititional minutes in SAMLPostProfile.accept() check?
Chronological Thread
- From: Scott Cantor <>
- To: 'Shannon Kendrick' <>,
- Subject: RE: What's the purpose of 5 addititional minutes in SAMLPostProfile.accept() check?
- Date: Wed, 05 Mar 2003 10:40:48 -0500
- Importance: Normal
- Organization: The Ohio State University
> I noticed in SAMLPostProfile.accept() the following check:
>
> if (r.getIssueInstant().getTime() + (1000 * ttlSeconds) + 300000 <
> System.currentTimeMillis())
> throw new ExpiredAssertionException(SAMLException.RESPONDER,
> "SAMLPOSTProfile.accept() detected expired response");
>
> What's the purpose of the additional 300000 ms? Looks like
> you are adding an additional 5 minutes to whatever I provide
> as the time-to-live?
Clock skew. The C++ code now makes that value configurable. I don't recall if
I propagated that to Java or not, but I will
eventually.
-- Scott
---------------------------------------------------mace-opensaml-users-+
For list utilities, archives, subscribe, unsubscribe, etc. please visit the
ListProc web interface at
http://archives.internet2.edu/
---------------------------------------------------mace-opensaml-users--
- What's the purpose of 5 addititional minutes in SAMLPostProfile.accept() check?, Shannon Kendrick, 03/05/2003
- RE: What's the purpose of 5 addititional minutes in SAMLPostProfile.accept() check?, Scott Cantor, 03/05/2003
Archive powered by MHonArc 2.6.16.