diff gwt-client/src/main/java/org/dive4elements/river/client/server/auth/was/Response.java @ 8839:2c8259176c46
Add configurable time tolerance to SAML ticket validation.
This makes it possible, for example, to account for time skew between
the ISP and the server this servlet runs on.
author | Tom Gottfried <tom@intevation.de> |
---|---|
date | Wed, 28 Jun 2017 20:09:53 +0200 |
parents | 5aff82e77ec3 |
children | 5e38e2924c07 |
--- a/gwt-client/src/main/java/org/dive4elements/river/client/server/auth/was/Response.java Tue May 30 12:51:42 2017 +0200
+++ b/gwt-client/src/main/java/org/dive4elements/river/client/server/auth/was/Response.java Wed Jun 28 20:09:53 2017 +0200
@@ -45,10 +45,11 @@
 private String password;
 private Features features;
 private String trustedKeyFile;
+ private String timeEpsilon;
 public Response(HttpEntity entity, String username, String password,
- Features features, String trustedKeyFile)
+ Features features, String trustedKeyFile, String timeEpsilon)
 throws AuthenticationException, IOException {
 if (entity == null) {
@@ -80,6 +81,7 @@
 this.password = password;
 this.features = features;
 this.trustedKeyFile = trustedKeyFile;
+ this.timeEpsilon = timeEpsilon;
 }
 @Override
@@ -97,8 +99,9 @@
 public Assertion getAssertion() {
 if (this.assertion == null && this.root != null) {
 try {
+ int timeEps = Integer.parseInt(this.timeEpsilon);
 TicketValidator validator =
- new TicketValidator(this.trustedKeyFile);
+ new TicketValidator(this.trustedKeyFile, timeEps);
 this.assertion = validator.checkTicket(this.root);
 }
 catch (Exception e) {
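Review bot: The tolerance reaches `new TicketValidator(this.trustedKeyFile, timeEps)` straight from `Integer.parseInt(this.timeEpsilon)` with no range check, so a negative or very large configured value could, depending on how TicketValidator applies it (not shown), shift or effectively remove the ticket's validity window instead of just absorbing clock skew. The parse also sits inside the `try` in getAssertion(), whose `catch (Exception e)` body is outside the hunk; a missing or non-numeric setting presumably ends up reported as a failed ticket check rather than as a configuration error. I would parse once in the constructor (first and second hunk, where `timeEpsilon` is kept as a `String`), store an `int`, and reject anything outside a small bound, e.g. `if (eps < 0 || eps > MAX_TIME_EPSILON) throw new IllegalArgumentException("timeEpsilon out of range: " + eps);`, where `MAX_TIME_EPSILON` is a constant still to be introduced. The unit of the value is not visible here and should be stated on the field, e.g. `// tolerance for SAML validity checks, in <unit>; small and non-negative`.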