Skip to Content.
Sympa Menu

mace-opensaml-users - RE: Problem with time format in SAML response

Subject: OpenSAML user discussion

List archive

RE: Problem with time format in SAML response


Chronological Thread 
  • From: "Philpott, Robert" <>
  • To: "'Shannon Kendrick'" <>, "''" <>
  • Subject: RE: Problem with time format in SAML response
  • Date: Thu, 22 May 2003 15:37:15 -0400

An implementation responding with timezone offset is NOT conformant.

 

The SAML core specification states:

1.1.1 Time Values

All SAML time values have the type xsd:dateTime, which is built in to the W3C XML Schema Datatypes specification [Schema2], and MUST be expressed in UTC form.

 

SAML system entities SHOULD NOT rely on other applications supporting time resolution finer than milliseconds. Implementations MUST NOT generate time instants that specify leap seconds.

 

UTC time means using the "Z" format. 

 

XML Schema Part 2: Datatypes states the following re: UTC:

This representation may be immediately followed by a "Z" to indicate Coordinated Universal Time (UTC) or, to indicate the time zone, i.e. the difference between the local time and Coordinated Universal Time, immediately followed by a sign, + or -, followed by the difference from UTC represented as hh:mm (note: the minutes part is required). See ISO 8601 Date and Time Formats (§D) for details about legal values in the various fields. If the time zone is included, both hours and minutes must be present.

If you have a non-OpenSAML implementation generating such time value formats, it should be considered non-corforming and should be reported as a bug to the vendor.

Rob Philpott
RSA Security Inc.
The Most Trusted Name in e-Security
Tel: 781-515-7115
Mobile: 617-510-0893
Fax: 781-515-7020

-----Original Message-----
From: Shannon Kendrick [mailto:]
Sent: Thursday, May 22, 2003 3:24 PM
To:
Subject: Problem with time format in SAML response

 

Scott,

I've encountered a little problem when OpenSAML parses the "IssueInstant" in a SAML response. Here is the format that OpenSAML expects:

 

IssueInstant="2003-05-20T16:15:39Z"

 

But this is the format I'm receiving from a non-OpenSAML generated response:

 

IssueInstant="2003-05-20T16:15:39.789-04:00"

 

It appears that both are valid according the "dateTime" format specified in the W3C schema http://www.w3.org/TR/xmlschema-2/#dateTime. I can't think of a quick fix that would involve simply changing the SimpleDateFormat mask. Maybe you know of one.

 

Sincerely,

Shannon Kendrick


Archive powered by MHonArc 2.6.16.

Top of Page