Commit b99c010
lib/saml/kit/configuration.rb
@@ -7,7 +7,7 @@ module Saml
attr_accessor :issuer
attr_accessor :signature_method, :digest_method
attr_accessor :signing_certificate_pem, :signing_private_key_pem, :signing_private_key_password
- attr_accessor :registry
+ attr_accessor :registry, :session_timeout
def initialize
@signature_method = :SHA256
@@ -15,6 +15,7 @@ module Saml
@signing_private_key_password = SecureRandom.uuid
@signing_certificate_pem, @signing_private_key_pem = SelfSignedCertificate.new(@signing_private_key_password).create
@registry = DefaultRegistry.new
+ @session_timeout = 3.hours
end
def stripped_signing_certificate
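Review bot: The new `session_timeout` accessor on line 13 takes any value, so a caller assigning `nil` or a plain Integer is not rejected here and only fails later when Response#conditions_options calls `.from_now` on it, far from the misconfiguration. The default `3.hours` on line 20 makes the expected type ActiveSupport::Duration, but nothing says so, and the name suggests the SP's session length rather than what the value actually bounds on the Response side (Conditions/@NotOnOrAfter of the issued assertion). A doc comment on the accessor would help operators pick a sensible value: `# ActiveSupport::Duration; bounds Conditions/@NotOnOrAfter of issued assertions, i.e. how long an assertion stays acceptable — keep it short, it is not the SP session lifetime.` A guarded writer that raises ArgumentError unless the value responds to `from_now`/`since` would catch the wrong type at configuration time.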
lib/saml/kit/response.rb
@@ -232,15 +232,15 @@ module Saml
def subject_confirmation_data_options
{
InResponseTo: request.id,
- NotOnOrAfter: 3.hours.from_now.utc.iso8601,
+ NotOnOrAfter: 3.hours.since(now).utc.iso8601,
Recipient: request.acs_url,
}
end
def conditions_options
{
- NotBefore: 5.seconds.ago.utc.iso8601,
- NotOnOrAfter: 3.hours.from_now.utc.iso8601,
+ NotBefore: now.utc.iso8601,
+ NotOnOrAfter: Saml::Kit.configuration.session_timeout.from_now.utc.iso8601,
}
end
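Review bot: The two expiry timestamps now disagree: Conditions/@NotOnOrAfter on line 38 honors `Saml::Kit.configuration.session_timeout` and is computed from the wall clock via `from_now`, while SubjectConfirmationData/@NotOnOrAfter on line 29 still hard-codes `3.hours` and is derived from `now`. If an operator shortens session_timeout, the bearer SubjectConfirmation stays valid for three hours regardless, and even with the default the two values can differ by the time elapsed between `now` and the `from_now` call. Both should come from the same configured value and the same instant: `NotOnOrAfter: Saml::Kit.configuration.session_timeout.since(now).utc.iso8601` on line 29 and the identical expression on line 38. Separately, NotBefore on line 37 now equals the issue instant exactly (the 5-second backdating is gone), so an SP whose clock runs slightly behind the IdP will reject the assertion unless it applies its own skew allowance; `now` is defined outside this hunk, so whether it is memoized per response is not visible here.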
spec/saml/response_spec.rb
@@ -92,7 +92,7 @@ RSpec.describe Saml::Kit::Response do
expect(hash['Response']['Assertion']['Subject']['SubjectConfirmation']['SubjectConfirmationData']['Recipient']).to eql(acs_url)
expect(hash['Response']['Assertion']['Subject']['SubjectConfirmation']['SubjectConfirmationData']['InResponseTo']).to eql(request.id)
- expect(hash['Response']['Assertion']['Conditions']['NotBefore']).to eql(5.seconds.ago.utc.iso8601)
+ expect(hash['Response']['Assertion']['Conditions']['NotBefore']).to eql(0.seconds.ago.utc.iso8601)
expect(hash['Response']['Assertion']['Conditions']['NotOnOrAfter']).to eql(3.hours.from_now.utc.iso8601)
expect(hash['Response']['Assertion']['Conditions']['AudienceRestriction']['Audience']).to eql(request.issuer)
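Review bot: The NotBefore expectation on line 46 compares against `0.seconds.ago.utc.iso8601` evaluated when the assertion runs, not when the response was built, so the example fails whenever a second boundary falls between the two (the NotOnOrAfter expectation on line 47 has the same race). Freezing the clock for the example, e.g. ActiveSupport's `travel_to` if the project's test helpers include it, would make both comparisons deterministic. Line 47 also still pins NotOnOrAfter to a literal `3.hours`, so nothing verifies that the configured `session_timeout` is actually honored; an example that sets `Saml::Kit.configuration.session_timeout = 10.minutes` and expects `10.minutes.from_now.utc.iso8601` would cover the new code path and catch a regression back to the hard-coded value.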