Commit 762b8fd
Changed files (2)
app/models/saml_response.rb
@@ -39,6 +39,11 @@ class SamlResponse
xml.SubjectConfirmationData "", subject_confirmation_data_options
end
end
+ xml.Conditions conditions_options do
+ xml.AudienceRestriction do
+ xml.Audience request.issuer
+ end
+ end
end
end
xml.target!
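Review bot: `xml.Audience request.issuer` takes the audience straight from the AuthnRequest, so the restriction is only as trustworthy as whatever validated that request before this builder runs. Nothing in the hunk shows the issuer being matched against a registered service provider; if it is not, the Audience simply echoes whatever the requester claimed and restricts nothing. I would resolve the audience from the stored service-provider record (the one that should also own `acs_url`), or at least add a comment above the line such as `# request.issuer must already be matched to a registered SP entity ID`. The enclosing builder method starts above the hunk, so an upstream check may exist outside this view.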
@@ -82,6 +87,13 @@ class SamlResponse
}
end
+ def conditions_options
+ {
+ NotBefore: 5.seconds.ago.utc.iso8601,
+ NotOnOrAfter: 3.hours.from_now.utc.iso8601,
+ }
+ end
+
def name_id_format
"urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
end
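Review bot: `NotOnOrAfter: 3.hours.from_now.utc.iso8601` in `conditions_options` keeps a bearer assertion acceptable for three hours, which is a long replay window if a response is captured and the service provider does not track assertion IDs. The spec shows SubjectConfirmationData using the same three hours, so this matches existing behaviour, but both would be better driven by one short, named lifetime, for example a new constant (say `ASSERTION_LIFETIME`, a few minutes) used as `NotOnOrAfter: ASSERTION_LIFETIME.from_now.utc.iso8601`. The five-second `NotBefore` allowance is also tight for clock skew and deserves its own named constant with a comment saying why it was chosen.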
spec/models/saml_response_spec.rb
@@ -4,7 +4,7 @@ describe SamlResponse do
describe ".for" do
subject { described_class }
let(:user) { double(:user, uuid: SecureRandom.uuid) }
- let(:request) { double(id: SecureRandom.uuid, acs_url: acs_url) }
+ let(:request) { double(id: SecureRandom.uuid, acs_url: acs_url, issuer: FFaker::Movie.title) }
let(:acs_url) { "https://#{FFaker::Internet.domain_name}/acs" }
let(:issuer) { FFaker::Movie.title }
@@ -79,6 +79,10 @@ describe SamlResponse do
expect(hash['Response']['Assertion']['Subject']['SubjectConfirmation']['SubjectConfirmationData']['NotOnOrAfter']).to eql(3.hours.from_now.utc.iso8601)
expect(hash['Response']['Assertion']['Subject']['SubjectConfirmation']['SubjectConfirmationData']['Recipient']).to eql(acs_url)
expect(hash['Response']['Assertion']['Subject']['SubjectConfirmation']['SubjectConfirmationData']['InResponseTo']).to eql(request.id)
+
+ expect(hash['Response']['Assertion']['Conditions']['NotBefore']).to eql(5.seconds.ago.utc.iso8601)
+ expect(hash['Response']['Assertion']['Conditions']['NotOnOrAfter']).to eql(3.hours.from_now.utc.iso8601)
+ expect(hash['Response']['Assertion']['Conditions']['AudienceRestriction']['Audience']).to eql(request.issuer)
end
end
end
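Review bot: The two new timestamp expectations compare against `5.seconds.ago` and `3.hours.from_now` evaluated at assertion time, so they only match the values rendered into the XML when the clock is frozen or the example finishes within the same second. The example begins outside this hunk, so a freeze may already be in place. If it is not, wrap the example in `freeze_time do ... end` or compare parsed times with `be_within(1.second).of(...)`. The existing SubjectConfirmationData `NotOnOrAfter` expectation above has the same dependency.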