
SAML in java : timezone converts to UTC from Eastern automatically

I am using opensaml to create a SAML assertion in java application. But the NotBefore and NotOnOrAfter time in <saml2:Conditions> always change back to UTC timezone even though I specifically use DateTimeZone dtZone = DateTimeZone.forID("America/New_York"); in joda time.

Also I tried again to convert it back to EST but even after this below I still get UTC: conditions.setNotBefore(conditions.getNotBefore().toDateTime(dtZone));

Because of this weird timezone conflict the SAML expires, as a result yielding a security error.
Any thoughts?

The OASIS SAML 2.0 specification mandates the timestamp in the assertion be encoded/normalized to UTC:

2.5.1 Element <Conditions>

The element MAY contain the following elements and attributes:

NotBefore [Optional]

Specifies the earliest time instant at which the assertion is valid. The time value is encoded in UTC, as described in Section 1.3.3.

NotOnOrAfter [Optional]

Specifies the time instant at which the assertion has expired. The time value is encoded in UTC, as described in Section 1.3.3.

...earlier in the spec:

1.3.3 Time Values

All SAML time values have the type xs:dateTime, which is built in to the W3C XML Schema Datatypes specification [Schema2], and MUST be expressed in UTC form, with no time zone component. SAML system entities SHOULD NOT rely on time resolution finer than milliseconds. Implementations MUST NOT generate time instants that specify leap seconds.

I think you will need your assertion creating application to translate the desired NotBefore or NotOnOrAfter to/from UTC to accommodate. Since you mentioned using jodatime, it would be something along the lines of new DateTime(DateTimeZone.UTC); If you want the assertion consumer to consider your assertion invalid on or after two hours from now, you would need to add two hours to current time. You can use DateTime "plus...()/minus...()" APIs for that:

DateTime now = new DateTime(DateTimeZone.UTC);
DateTime twoHoursLater = now.plusHours(2);
DateTime myAssertionExpiry = twoHoursLater;
// use myAssertionExpiry for SAML NotOnOrAfter
DateTime fiveMinutesAgo = now.minusMinutes(5);
// could use fiveMinutesAgo for SAML NotBefore to allow the recipient to have a 5-minute different clock time; use 'now' for NotBefore for more real-time/time-critical assertions
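The following is an added example, not code from the answer above or from OpenSAML. It uses joda-time only, with a small hypothetical `Conditions` class standing in for `saml2:Conditions`, and an assumed clock-skew allowance of 180 seconds. It shows two things the answer implies: an `America/New_York` DateTime and its UTC form are the same instant (so the UTC serialization mandated by section 1.3.3 loses nothing), and how a consumer should check NotBefore/NotOnOrAfter as instant comparisons with a skew window rather than comparing wall-clock strings.

```java
import org.joda.time.DateTime;
import org.joda.time.DateTimeZone;
import org.joda.time.format.DateTimeFormatter;
import org.joda.time.format.ISODateTimeFormat;

/**
 * Added example (not OpenSAML code): build SAML validity times in UTC and
 * validate them on the consumer side with a clock-skew allowance.
 */
public class SamlConditionsTimes {

    // xs:dateTime in UTC with the 'Z' designator and no local offset,
    // which is the form SAML 2.0 section 1.3.3 requires.
    private static final DateTimeFormatter SAML_TIME =
            ISODateTimeFormat.dateTime().withZoneUTC();

    // Assumed skew tolerance; use whatever your federation agreement allows.
    private static final int CLOCK_SKEW_SECONDS = 180;

    /** Hypothetical stand-in for saml2:Conditions; not the OpenSAML type. */
    public static final class Conditions {
        final DateTime notBefore;
        final DateTime notOnOrAfter;

        Conditions(DateTime notBefore, DateTime notOnOrAfter) {
            this.notBefore = notBefore;
            this.notOnOrAfter = notOnOrAfter;
        }
    }

    /** Build Conditions valid from 'now' for 'validitySeconds', normalized to UTC. */
    public static Conditions build(DateTime now, int validitySeconds) {
        // withZone changes only the presentation; the instant is unchanged
        DateTime utcNow = now.withZone(DateTimeZone.UTC);
        return new Conditions(utcNow, utcNow.plusSeconds(validitySeconds));
    }

    /** Serialize a DateTime the way it must appear in the assertion XML. */
    public static String toSamlString(DateTime t) {
        return SAML_TIME.print(t);
    }

    /**
     * Consumer-side check: accept only if 'at' is not before NotBefore and is
     * strictly before NotOnOrAfter, after widening both bounds by the skew.
     * isBefore compares instants, so the zone attached to 'at' is irrelevant.
     */
    public static boolean isValidAt(Conditions c, DateTime at) {
        DateTime earliest = c.notBefore.minusSeconds(CLOCK_SKEW_SECONDS);
        DateTime latest = c.notOnOrAfter.plusSeconds(CLOCK_SKEW_SECONDS);
        return !at.isBefore(earliest) && at.isBefore(latest);
    }

    public static void main(String[] args) {
        DateTimeZone eastern = DateTimeZone.forID("America/New_York");
        // Constructed sample: 09:00 Eastern on 2024-03-11 (EDT, UTC-4)
        DateTime issuedEastern = new DateTime(2024, 3, 11, 9, 0, 0, eastern);

        Conditions c = build(issuedEastern, 2 * 60 * 60);

        // Same instant regardless of zone, so equality holds
        System.out.println("same instant: " + issuedEastern.isEqual(c.notBefore));
        // Both bounds print in UTC with a trailing 'Z'
        System.out.println("NotBefore:    " + toSamlString(c.notBefore));
        System.out.println("NotOnOrAfter: " + toSamlString(c.notOnOrAfter));
        // Even an Eastern-zoned copy serializes to the same UTC string
        System.out.println("Eastern copy: " + toSamlString(c.notBefore.withZone(eastern)));

        // A consumer whose clock is 2 minutes behind still accepts it at issue time
        System.out.println("2 min early:  " + isValidAt(c, issuedEastern.minusMinutes(2)));
        // Exactly at NotOnOrAfter + skew the assertion is rejected ("on or after")
        System.out.println("at expiry:    "
                + isValidAt(c, c.notOnOrAfter.plusSeconds(CLOCK_SKEW_SECONDS)));
    }
}
```

The point of the instant-based comparison is that the "conflict" in the question is cosmetic: OpenSAML re-presents the joda `DateTime` in UTC because the XML form must be UTC, but the underlying instant is untouched. If an assertion is still rejected as expired, the cause is a real clock difference or an overly tight window between NotBefore and NotOnOrAfter, not the zone conversion itself.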
