  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-120022

Non-compliance with SAML 2.0 spec meaning of authnInstant

    Details

    • Type: Bug
    • Status: Verified
    • Resolution: Unresolved
    • Affects Version/s: 7.0.X, 7.1.X, 7.2.X, Master
    • Fix Version/s: None
    • Labels:
      None
    • Fix Priority:
      3

      Description

      When Liferay is acting as a SAML provider and sending an Authn Response, it incorrectly sets AuthnInstant equal to the assertion's IssueInstant. This is wrong as stated in the SAML 2.0 spec.

      AuthnInstant [Required] Specifies the time at which the authentication took place. The time value is encoded in UTC, as described in Section 1.3.3.

      IssueInstant [Required] The time instant of issue of the response. The time value is encoded in UTC, as described in Section 1.3.3.

      In the case when the user is automatically signed into the SP without a challenge on the IDP side, the former is expected to be much earlier than the latter, i.e. the time when the challenge was met.
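      An SP-side check for the symptom described above, as an added example that is not part of the original report and not Liferay code. The function names and finding labels are hypothetical, and the sample responses are constructed and unsigned; it also shows that a maximum-authentication-age policy passes trivially when AuthnInstant is copied from IssueInstant.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def parse_instant(value):
    """Parse a SAML UTC instant, with or without fractional seconds."""
    if not value.endswith("Z"):
        raise ValueError("expected a UTC instant ending in Z: %r" % value)
    fmt = "%Y-%m-%dT%H:%M:%S.%fZ" if "." in value else "%Y-%m-%dT%H:%M:%SZ"
    return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)

def check_instants(response_xml, max_auth_age=None):
    """Return finding labels (hypothetical names) for each AuthnStatement."""
    # Assumption: signature validation and hardened XML parsing (for example
    # defusedxml) happen before this step; only constructed input is used here.
    root = ET.fromstring(response_xml)
    findings = []
    for assertion in root.iterfind("saml:Assertion", NS):
        issued = parse_instant(assertion.get("IssueInstant"))
        for stmt in assertion.iterfind("saml:AuthnStatement", NS):
            authn = parse_instant(stmt.get("AuthnInstant"))
            if authn > issued:
                findings.append("authn-after-issue")   # impossible ordering
            elif authn == issued:
                findings.append("authn-equals-issue")  # symptom from this issue
            if max_auth_age is not None and issued - authn > max_auth_age:
                findings.append("auth-too-old")        # SP policy on session age
    return findings

def sample_response(issue_instant, authn_instant):
    """Build a constructed, unsigned sample response (not captured traffic)."""
    return (
        '<samlp:Response xmlns:samlp="{p}" xmlns:saml="{a}" ID="_r1" '
        'Version="2.0" IssueInstant="{i}">'
        '<saml:Assertion ID="_a1" Version="2.0" IssueInstant="{i}">'
        '<saml:AuthnStatement AuthnInstant="{n}"/>'
        '</saml:Assertion></samlp:Response>'
    ).format(p=NS["samlp"], a=NS["saml"], i=issue_instant, n=authn_instant)

if __name__ == "__main__":
    hour = timedelta(hours=1)
    copied = sample_response("2020-09-01T12:00:00.000Z", "2020-09-01T12:00:00.000Z")
    real = sample_response("2020-09-01T12:00:00Z", "2020-09-01T08:30:00Z")
    print(check_instants(copied, hour), check_instants(real, hour))
```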


            People

            Assignee:
            support-lep@liferay.com SE Support
            Reporter:
            stian.sigvartsen Stian Sigvartsen

              Dates

              Created:
              Updated:
              Days since last comment:
              26 weeks, 5 days ago
