shibboleth-dev - Re: shib2 idp (issue time)
Subject: Shibboleth Developers
List archive
- From: Jim Fox <>
- To:
- Subject: Re: shib2 idp (issue time)
- Date: Tue, 6 Nov 2007 14:49:24 -0800 (PST)
Looking closer I see that near the end of ShibbolethSSODecoder, where
the issue instant is set,
long time = Long.parseLong(timeStr);
gives: 1194389214
but
new DateTime(time, ISOChronology.getInstanceUTC());
returns: 1970-01-14T19:46:29.214Z
Jim
Since upgrading to the latest IdP code I've started to
get this error on the authn first leg.
13:46:22.401 ERROR [org.opensaml.common.binding.security.MessageReplayRule] Message contained no ID, replay check not possible
13:46:22.402 ERROR [org.opensaml.common.binding.security.IssueInstantRule] Message was expired: message issue time was '1970-01-14T19:46:25.582Z', message expired at: '1970-01-14T19:51:35.582Z', current time: '2007-11-06T13:46:22.402-08:00'
13:46:22.402 ERROR [edu.internet2.middleware.shibboleth.idp.profile.saml1.ShibbolethSSOProfileHandler] Shibboleth SSO request does not meet security requirements
org.opensaml.ws.security.SecurityPolicyException: Message was rejected due to issue instant expiration
It looks like someone, somewhere is getting a zero for the issue time. The same SP (also 2.0) works with other IdPs.
Jim
- shib2 idp (issue time), Jim Fox, 11/06/2007
- Re: shib2 idp (issue time), Jim Fox, 11/06/2007
- Re: shib2 idp (issue time), Jim Fox, 11/06/2007
- RE: shib2 idp (issue time), Scott Cantor, 11/06/2007
- Re: shib2 idp (issue time), Chad La Joie, 11/06/2007
- Re: shib2 idp (issue time), Jim Fox, 11/06/2007
- Re: shib2 idp (issue time), Chad La Joie, 11/07/2007
- Re: shib2 idp (issue time), Jim Fox, 11/06/2007
- Re: shib2 idp (issue time), Chad La Joie, 11/06/2007
- RE: shib2 idp (issue time), Scott Cantor, 11/06/2007
- Re: shib2 idp (issue time), Jim Fox, 11/06/2007
- Re: shib2 idp (issue time), Jim Fox, 11/06/2007
Archive powered by MHonArc 2.6.16.