Shift NotBefore -1 day to avoid timing issues when system clocks are not perfectly in sync #96

@piejanssens

Hi! 👋

Firstly, thanks for your work on this project! 🙂

Today I used patch-package to patch [email protected] for the project I'm working on.

When the generated SAML assertion is immediately sent to a SAML consumer, it can happen that the consumer refuses the assertion if the consumer's system clock has not reached the 'NotBefore' timestamp.

Here is the diff that solved my problem:

diff --git a/node_modules/saml/lib/saml20.js b/node_modules/saml/lib/saml20.js
index 9db8141..5ba6ec3 100644
--- a/node_modules/saml/lib/saml20.js
+++ b/node_modules/saml/lib/saml20.js
@@ -168,7 +168,7 @@ function createAssertion(options, strategies, callback) {
   var confirmationData = doc.documentElement.getElementsByTagName('saml:SubjectConfirmationData');
 
   if (options.lifetimeInSeconds) {
-    conditions[0].setAttribute('NotBefore', now.format('YYYY-MM-DDTHH:mm:ss.SSS[Z]'));
+    conditions[0].setAttribute('NotBefore', now.clone().subtract(1, "days").format('YYYY-MM-DDTHH:mm:ss.SSS[Z]'));
     conditions[0].setAttribute('NotOnOrAfter', now.clone().add(options.lifetimeInSeconds, 'seconds').format('YYYY-MM-DDTHH:mm:ss.SSS[Z]'));
 
     confirmationData[0].setAttribute('NotOnOrAfter', now.clone().add(options.lifetimeInSeconds, 'seconds').format('YYYY-MM-DDTHH:mm:ss.SSS[Z]'));
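
Review bot: the changed NotBefore line hard-codes a one-day backdate, which is far larger than clock drift between issuer and consumer requires. NotOnOrAfter is still computed as now plus options.lifetimeInSeconds, so an assertion configured with a short lifetime now carries a Conditions window of that lifetime plus 24 hours, and the lifetime option no longer describes the window the consumer sees. Subtract a small allowance instead, ideally taken from an option (for example a hypothetical options.clockSkewInSeconds with a default of a minute or so) so deployments can tune it, and document that NotBefore is intentionally earlier than the issue time. Style point: "days" is double-quoted while the other string literals in the hunk use single quotes.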

This issue body was partially generated by patch-package.
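
The timing failure described in the issue, and the trade-off between backdating NotBefore at the issuer and allowing a bounded skew at the consumer, shown as an added example that is not part of the issue or of the saml library. The function names, the 3-second drift, the 300-second lifetime and the 60-second tolerance are constructed assumptions.

```javascript
// Added illustration; all names and sample times below are constructed.

// Build the Conditions timestamps the way the hunk does:
// NotBefore = now - backdate, NotOnOrAfter = now + lifetime.
// toISOString() yields YYYY-MM-DDTHH:mm:ss.SSSZ in UTC.
function issueConditions(issuerNowMs, lifetimeSeconds, backdateSeconds) {
  return {
    notBefore: new Date(issuerNowMs - backdateSeconds * 1000).toISOString(),
    notOnOrAfter: new Date(issuerNowMs + lifetimeSeconds * 1000).toISOString(),
  };
}

// Consumer-side check with a bounded clock-skew allowance on both edges.
function evaluateConditions(conditions, consumerNowMs, skewSeconds) {
  const notBefore = Date.parse(conditions.notBefore);
  const notOnOrAfter = Date.parse(conditions.notOnOrAfter);
  if (Number.isNaN(notBefore) || Number.isNaN(notOnOrAfter)) return 'malformed';
  const skewMs = skewSeconds * 1000;
  if (consumerNowMs + skewMs < notBefore) return 'not-yet-valid';
  if (consumerNowMs - skewMs >= notOnOrAfter) return 'expired';
  return 'valid';
}

// Length of the window a strict consumer (no skew allowance) would accept.
function acceptanceWindowSeconds(conditions) {
  return (Date.parse(conditions.notOnOrAfter) - Date.parse(conditions.notBefore)) / 1000;
}

// Constructed scenario: the consumer clock is 3 seconds behind the issuer.
const issuerNow = Date.UTC(2024, 0, 1, 12, 0, 0);
const consumerNow = issuerNow - 3000;
const lifetime = 300;

const unpatched = issueConditions(issuerNow, lifetime, 0);     // NotBefore = now
const patched = issueConditions(issuerNow, lifetime, 86400);   // NotBefore = now - 1 day

console.log('strict consumer, unpatched:', evaluateConditions(unpatched, consumerNow, 0));
console.log('60 s tolerance, unpatched: ', evaluateConditions(unpatched, consumerNow, 60));
console.log('strict consumer, patched:  ', evaluateConditions(patched, consumerNow, 0));
console.log('window seconds:', acceptanceWindowSeconds(unpatched), 'vs',
  acceptanceWindowSeconds(patched));
```

Both the consumer-side tolerance and the issuer-side backdate resolve the rejection; the difference is that the backdate grows the accepted window from the configured lifetime to the lifetime plus a day.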
