
v1.0.19 v1.0.20
5 commits 3 files changed


6a797ad fix lint error. mo 2018-08-11 22:35:18
5747a00 bump version. mo 2018-08-11 22:32:19
da194a4 extract not_on_or_after method. mo 2018-08-11 22:05:34
268b0a0 use configured session timeout. mo 2018-08-11 21:54:11
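--- a/lib/saml/kit/builders/assertion.rb
+++ b/lib/saml/kit/builders/assertion.rb
@@ -50,16 +50,17 @@ module Saml
         end
 
         def subject_confirmation_data_options
-          options = { NotOnOrAfter: 3.hours.since(now).utc.iso8601 }
-          options[:Recipient] = destination if destination.present?
+          options = {}
           options[:InResponseTo] = request.id if request.present?
+          options[:NotOnOrAfter] = (not_on_or_after - 1.second).iso8601
+          options[:Recipient] = destination if destination.present?
           options
         end
 
         def conditions_options
           {
             NotBefore: now.utc.iso8601,
-            NotOnOrAfter: configuration.session_timeout.since(now).utc.iso8601,
+            NotOnOrAfter: not_on_or_after.iso8601,
           }
         end
 
@@ -67,13 +68,16 @@ module Saml
           {
             AuthnInstant: now.iso8601,
             SessionIndex: reference_id,
-            SessionNotOnOrAfter: configuration.session_timeout.since(now).utc.iso8601,
           }
         end
 
         def name_id_options
           { Format: name_id_format || default_name_id_format }
         end
+
+        def not_on_or_after
+          configuration.session_timeout.since(now).utc
+        end
       end
     end
   end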
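Review bot: The bearer SubjectConfirmationData NotOnOrAfter on the new `options[:NotOnOrAfter] = (not_on_or_after - 1.second).iso8601` line is now derived from `configuration.session_timeout`, so the window in which the assertion may be presented to the service provider grows with whatever session lifetime is configured, where it was previously capped at 3 hours. That confirmation window bounds how long a captured bearer assertion stays presentable and is normally kept much shorter than the Conditions/session window, so consider deriving it from a separate short configured value, or at least add a comment stating that tying it to the session lifetime is intentional. The `- 1.second` on that line is an undocumented constant; a comment such as `# keep the bearer confirmation window strictly inside the Conditions window` would explain it, assuming that is the reason. If `now` is not memoized, `not_on_or_after` re-reads the clock on every call and the two NotOnOrAfter values may differ by more than the intended second, which is worth confirming. The new `not_on_or_after` helper is added after `name_id_options` with no `private` marker visible in the hunk, so it appears to become part of the builder's public interface.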
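--- a/lib/saml/kit/version.rb
+++ b/lib/saml/kit/version.rb
@@ -2,6 +2,6 @@
 
 module Saml
   module Kit
-    VERSION = '1.0.19'.freeze
+    VERSION = '1.0.20'.freeze
   end
 end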
spec/saml/kit/builders/response_spec.rb
@@ -76,7 +76,7 @@ RSpec.describe Saml::Kit::Builders::Response do
 
       expect(hash['Response']['Assertion']['Subject']['NameID']).to eql(user.name_id)
       expect(hash['Response']['Assertion']['Subject']['SubjectConfirmation']['Method']).to eql('urn:oasis:names:tc:SAML:2.0:cm:bearer')
-      expect(hash['Response']['Assertion']['Subject']['SubjectConfirmation']['SubjectConfirmationData']['NotOnOrAfter']).to eql(3.hours.from_now.utc.iso8601)
+      expect(hash['Response']['Assertion']['Subject']['SubjectConfirmation']['SubjectConfirmationData']['NotOnOrAfter']).to eql((3.hours.from_now.utc - 1.second).iso8601)
       expect(hash['Response']['Assertion']['Subject']['SubjectConfirmation']['SubjectConfirmationData']['Recipient']).to eql(assertion_consumer_service_url)
       expect(hash['Response']['Assertion']['Subject']['SubjectConfirmation']['SubjectConfirmationData']['InResponseTo']).to eql(request.id)
 
@@ -85,7 +85,6 @@ RSpec.describe Saml::Kit::Builders::Response do
       expect(hash['Response']['Assertion']['Conditions']['AudienceRestriction']['Audience']).to eql(request.issuer)
 
       expect(hash['Response']['Assertion']['AuthnStatement']['AuthnInstant']).to eql(Time.now.utc.iso8601)
-      expect(hash['Response']['Assertion']['AuthnStatement']['SessionNotOnOrAfter']).to eql(3.hours.from_now.utc.iso8601)
       expect(hash['Response']['Assertion']['AuthnStatement']['SessionIndex']).to eql(hash['Response']['Assertion']['ID'])
       expect(hash['Response']['Assertion']['AuthnStatement']['AuthnContext']['AuthnContextClassRef']).to eql('urn:oasis:names:tc:SAML:2.0:ac:classes:Password')