Commit 12450cd

output a valid XML dateTime for the validUntil metadata property
The XML generated prior to this change was considered invalid, according to samltool.com's XML validator. An example metadata XML document:

```xml
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" ID="_a881df95-a3e4-43df-a340-47742de4c356" entityID="..." validUntil="2022-06-15T03:03:01+0000">
  <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="..." index="0" isDefault="true"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
```

The `+0000` is the culprit, with the following validation error received from samltool.com:

```
Line: 1 | Column: 0 --> Element '{urn:oasis:names:tc:SAML:2.0:metadata}EntityDescriptor', attribute 'validUntil': '2022-06-15T03:03:01+0000' is not a valid value of the atomic type 'xs:dateTime'.
```

Additionally, should someone pass a non-UTC time for `validUntil`, that also produced invalid XML.

Now, we coerce the provided `validUntil` into a UTC time, and hard-code a `Z` at the end of the format, to consistently produce valid XML.
1 parent c38d724 commit 12450cd

2 files changed: +2 -2 lines changed
lib/onelogin/ruby-saml/metadata.rb

Lines changed: 1 addition & 1 deletion
@@ -49,7 +49,7 @@ def add_root_element(meta_doc, settings, valid_until, cache_duration)
4949
root = meta_doc.add_element("md:EntityDescriptor", namespaces)
5050
root.attributes["ID"] = OneLogin::RubySaml::Utils.uuid
5151
root.attributes["entityID"] = settings.sp_entity_id if settings.sp_entity_id
52-
root.attributes["validUntil"] = valid_until.strftime('%Y-%m-%dT%H:%M:%S%z') if valid_until
52+
root.attributes["validUntil"] = valid_until.utc.strftime('%Y-%m-%dT%H:%M:%SZ') if valid_until
5353
root.attributes["cacheDuration"] = "PT" + cache_duration.to_s + "S" if cache_duration
5454
root
5555
end
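
Review bot: `valid_until.utc` on the changed line 52 converts the caller's object in place when `valid_until` is a `Time`, because Ruby's `Time#utc` modifies its receiver, so generating metadata silently changes the zone of the value that was passed in. Prefer `valid_until.getutc.strftime('%Y-%m-%dT%H:%M:%SZ')`, which returns a new UTC `Time` and leaves the argument untouched. It would also help to document on `add_root_element` that `valid_until` is expected to respond to `utc`/`getutc`, since the hard-coded `Z` is only correct after that conversion.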

test/metadata_test.rb

Lines changed: 1 addition & 1 deletion
@@ -83,7 +83,7 @@ class MetadataTest < Minitest::Test
8383
assert_equal xml_metadata[0..start.length-1],start
8484

8585
doc_metadata = REXML::Document.new(xml_metadata)
86-
assert_equal valid_until.strftime('%Y-%m-%dT%H:%M:%S%z'), REXML::XPath.first(doc_metadata, "//md:EntityDescriptor").attribute("validUntil").value
86+
assert_equal valid_until.strftime('%Y-%m-%dT%H:%M:%SZ'), REXML::XPath.first(doc_metadata, "//md:EntityDescriptor").attribute("validUntil").value
8787
assert_equal "PT604800S", REXML::XPath.first(doc_metadata, "//md:EntityDescriptor").attribute("cacheDuration").value
8888
end
8989
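
Review bot: the updated assertion on line 86 builds its expected value with `valid_until.strftime('%Y-%m-%dT%H:%M:%SZ')` and no UTC conversion, so it only checks that a literal `Z` is appended and does not cover the non-UTC input case the commit message describes. Add a test that passes a `valid_until` with a non-zero offset and compares the `validUntil` attribute against a fixed expected string, so that a regression in the UTC coercion fails the test instead of emitting a local time labelled as `Z`.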
