Commit 57ee72a

mo <mo@mokhan.ca>
2018-08-13 18:11:58
pingfed demands that SubjectConfirmationData#NotOnOrAfter be present.
From the spec: https://www.oasis-open.org/committees/download.php/35711/sstc-saml-core-errata-2.0-wd-06-diff.pdf

```text
2.4.1.2 Element <SubjectConfirmationData>

The <SubjectConfirmationData> element has the SubjectConfirmationDataType complex type. It specifies additional data that allows the subject to be confirmed or constrains the circumstances under which the act of subject confirmation can take place. Subject confirmation takes place when a relying party seeks to verify the relationship between an entity presenting the assertion (that is, the attesting entity) and the subject of the assertion's claims. It contains the following optional attributes that can apply to any method:

NotBefore [Optional]
A time instant before which the subject cannot be confirmed. The time value is encoded in UTC, as described in Section 1.3.3.

NotOnOrAfter [Optional]
A time instant at which the subject can no longer be confirmed. The time value is encoded in UTC, as described in Section 1.3.3.
```

From PingFed.

```text
The status code of the Response was not Success, was Responder -> (reference# SGKBSKUD)
Response contains no valid assertions: [ Assertion (_4c5a7b29-f1a6-4388-9742-07d138ab3bed) Status: INVALID Remarks: (Profiles 4.1.4.2) assertion could not be confirmed - here's why: [#1 subject confirmation is unsatisfactory: [The bearer <SubjectConfirmation> element MUST contain a <SubjectConfirmationData> element that MUST contain a NotOnOrAfter attribute that limits the window during which the assertion can be delivered]]].
InMessageContext XML:
<Response ID="_55bd9f0f-77d6-4bd6-a63d-689f0ce95660" Version="2.0" IssueInstant="2018-08-13T17:52:13Z" Consent="urn:oasis:names:tc:SAML:2.0:consent:unspecified" Destination="" InResponseTo="CVsw0s5XmowOa_f7KC0cxnepadE" xmlns="urn:oasis:names:tc:SAML:2.0:protocol">
  <Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion"></Issuer>
```
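The two quoted texts describe the check PingFederate ran on the relying-party side: a bearer <SubjectConfirmation> must carry a <SubjectConfirmationData> whose NotOnOrAfter (and, if present, NotBefore) is evaluated against the verifier's clock, alongside Recipient and InResponseTo. The Ruby below is an added example of that relying-party check, not saml-kit or PingFederate code. It parses a constructed assertion with REXML from the standard library; the ACS URL, request ID, NameID and timestamps are made up for the example, and the optional `skew` tolerance is an assumption of the example rather than anything the quoted spec text mandates.

```ruby
require 'rexml/document'
require 'time'

SAML_NS = 'urn:oasis:names:tc:SAML:2.0:assertion'.freeze
BEARER_METHOD = 'urn:oasis:names:tc:SAML:2.0:cm:bearer'.freeze

# Constructed sample assertion (not captured from PingFederate or emitted by
# saml-kit). Only the Subject is filled in, because that is all the bearer
# confirmation check below reads.
SAMPLE_ASSERTION = <<~XML.freeze
  <Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
             ID="_example-assertion" Version="2.0" IssueInstant="2018-08-13T17:52:13Z">
    <Issuer>https://idp.example.test</Issuer>
    <Subject>
      <NameID>user@example.test</NameID>
      <SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <SubjectConfirmationData NotOnOrAfter="2018-08-13T17:57:13Z"
                                 Recipient="https://sp.example.test/acs"
                                 InResponseTo="CVsw0s5XmowOa_f7KC0cxnepadE"/>
      </SubjectConfirmation>
    </Subject>
  </Assertion>
XML

# Parses a UTC timestamp attribute; nil when it is absent or malformed.
def parse_utc(value)
  value && Time.iso8601(value)
rescue ArgumentError
  nil
end

# Validates the bearer <SubjectConfirmation> of one assertion the way a
# relying party does. Returns an array of remarks; empty means confirmed.
# `now` is injected so the check is deterministic; `skew` is the clock
# tolerance in seconds the relying party chooses to grant (assumed here).
def bearer_confirmation_errors(xml, now:, recipient:, in_response_to: nil, skew: 0)
  doc = REXML::Document.new(xml)
  ns = { 'saml' => SAML_NS }
  confirmations = REXML::XPath.match(doc, '//saml:SubjectConfirmation', ns)
  bearer = confirmations.find { |c| c.attributes['Method'] == BEARER_METHOD }
  return ['no bearer <SubjectConfirmation> element'] unless bearer

  data = REXML::XPath.first(bearer, 'saml:SubjectConfirmationData', ns)
  return ['bearer <SubjectConfirmation> has no <SubjectConfirmationData>'] unless data

  attrs = data.attributes
  errors = []

  # NotOnOrAfter is the attribute PingFederate insisted on: without it the
  # assertion could be delivered indefinitely. "On or after" means the exact
  # instant is already expired, hence >= rather than >.
  not_on_or_after = parse_utc(attrs['NotOnOrAfter'])
  if not_on_or_after.nil?
    errors << 'NotOnOrAfter missing or not a valid UTC timestamp'
  elsif now - skew >= not_on_or_after
    errors << "assertion expired at #{attrs['NotOnOrAfter']}"
  end

  # NotBefore is optional; when present the subject cannot be confirmed yet.
  not_before = parse_utc(attrs['NotBefore'])
  if not_before && now + skew < not_before
    errors << "assertion not valid before #{attrs['NotBefore']}"
  end

  # Recipient must name this service's ACS URL, otherwise an assertion issued
  # for a different SP could be presented here.
  unless attrs['Recipient'] == recipient
    errors << "Recipient #{attrs['Recipient'].inspect} does not match #{recipient.inspect}"
  end

  # In an SP-initiated flow the assertion must answer the request we sent.
  if in_response_to && attrs['InResponseTo'] != in_response_to
    errors << "InResponseTo #{attrs['InResponseTo'].inspect} does not match #{in_response_to.inspect}"
  end

  errors
end

if $PROGRAM_NAME == __FILE__
  now = Time.iso8601('2018-08-13T17:55:00Z')
  p bearer_confirmation_errors(SAMPLE_ASSERTION, now: now,
                               recipient: 'https://sp.example.test/acs',
                               in_response_to: 'CVsw0s5XmowOa_f7KC0cxnepadE')
  # The same assertion with the attribute stripped: the shape the gem
  # produced before this commit, and the one PingFederate rejected.
  stripped = SAMPLE_ASSERTION.sub(/\s*NotOnOrAfter="[^"]*"/, '')
  p bearer_confirmation_errors(stripped, now: now, recipient: 'https://sp.example.test/acs')
end
```

Run as a file, it prints an empty remark list for the sample and a single NotOnOrAfter remark for the stripped copy. Because the attribute is "on or after", `>=` is the correct comparison; `>` would accept the assertion for one extra second at the boundary, and a verifier that forgets the check entirely has no upper bound on how long a captured assertion can be replayed.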
1 parent 54495cf
Changed files (3)
lib/saml/kit/builders/assertion.rb
@@ -53,6 +53,7 @@ module Saml
           options = {}
           options[:InResponseTo] = request.id if request.present?
           options[:Recipient] = destination if destination.present?
+          options[:NotOnOrAfter] = (now + 5.minutes).utc.iso8601
           options
         end
 
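Review bot: the expiry window in `options[:NotOnOrAfter] = (now + 5.minutes).utc.iso8601` is a hard-coded constant with no caller-facing knob, and nothing in this hunk ties it to the assertion's own <Conditions> NotOnOrAfter, so the two expiries can silently drift apart if either is changed later. Consider lifting `5.minutes` into a named constant or configuration value shared with the Conditions builder, and documenting that bearer assertions now stop confirming five minutes after `now`. It is also worth confirming that `now` is captured once per build (not re-evaluated per call), so that every timestamp in the assertion is computed from the same instant.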
lib/saml/kit/version.rb
@@ -2,6 +2,6 @@
 
 module Saml
   module Kit
-    VERSION = '1.0.21'.freeze
+    VERSION = '1.0.22'.freeze
   end
 end
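Review bot: the bump to '1.0.22' ships a behaviour change visible to every relying party (assertions now carry a NotOnOrAfter and stop validating after five minutes), but the diff contains no changelog or README update. Add a line so integrators whose SP clocks are skewed understand why assertions that were accepted under 1.0.21 start failing.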
spec/saml/kit/builders/response_spec.rb
@@ -76,7 +76,7 @@ RSpec.describe Saml::Kit::Builders::Response do
 
       expect(hash['Response']['Assertion']['Subject']['NameID']).to eql(user.name_id)
       expect(hash['Response']['Assertion']['Subject']['SubjectConfirmation']['Method']).to eql('urn:oasis:names:tc:SAML:2.0:cm:bearer')
-      expect(hash['Response']['Assertion']['Subject']['SubjectConfirmation']['SubjectConfirmationData']['NotOnOrAfter']).to be_nil
+      expect(hash['Response']['Assertion']['Subject']['SubjectConfirmation']['SubjectConfirmationData']['NotOnOrAfter']).to eql(5.minutes.from_now.utc.iso8601)
       expect(hash['Response']['Assertion']['Subject']['SubjectConfirmation']['SubjectConfirmationData']['Recipient']).to eql(assertion_consumer_service_url)
       expect(hash['Response']['Assertion']['Subject']['SubjectConfirmation']['SubjectConfirmationData']['InResponseTo']).to eql(request.id)
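Review bot: `expect(...).to eql(5.minutes.from_now.utc.iso8601)` computes its expected value at assertion time, independently of the `now` the builder used, so unless this example freezes the clock (Timecop or ActiveSupport's `travel_to`) the two calls can straddle a second boundary and the spec will fail intermittently. Either freeze time in the example, or parse both values and assert with a tolerance such as `be_within(1.second).of(...)`. A second example asserting that NotOnOrAfter is present when no `request` is supplied would also guard the PingFed regression directly, since this example only covers the `InResponseTo` path.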