Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-25 13:32:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch '6.2.x' into 6.3.x

Browse Source
This commit is contained in:
Josh Cummings 2024-05-31 14:13:46 -06:00
commit 3defed4c3d
No known key found for this signature in database
GPG Key ID: A306A51F43B8E5A5
2 changed files with 16 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSaml4AuthenticationProvider.java
View File

@ -861,7 +861,8 @@ public final class OpenSaml4AuthenticationProvider implements AuthenticationProv
validator) { validator) {
@Nonnull @Nonnull
@Override @Override
protected ValidationResult validateBasicData(@Nonnull Assertion assertion, @Nonnull ValidationContext context) throws AssertionValidationException { protected ValidationResult validateBasicData(@Nonnull Assertion assertion,
@Nonnull ValidationContext context) throws AssertionValidationException {
return ValidationResult.VALID; return ValidationResult.VALID;
} }

14
saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSaml4AuthenticationProviderTests.java
View File

@ -847,6 +847,20 @@ public class OpenSaml4AuthenticationProviderTests {
provider.authenticate(token); provider.authenticate(token);
} }
// gh-15022
@Test
public void authenticateWhenClockSkewThenVerifiesSignature() {
OpenSaml4AuthenticationProvider provider = new OpenSaml4AuthenticationProvider();
provider.setAssertionValidator(OpenSaml4AuthenticationProvider.createDefaultAssertionValidatorWithParameters(
(params) -> params.put(SAML2AssertionValidationParameters.CLOCK_SKEW, Duration.ofMinutes(10))));
Response response = response();
Assertion assertion = assertion();
assertion.setIssueInstant(Instant.now().plus(Duration.ofMinutes(9)));
response.getAssertions().add(assertion);
Saml2AuthenticationToken token = token(signed(response), verifying(registration()));
provider.authenticate(token);
}
private <T extends XMLObject> T build(QName qName) { private <T extends XMLObject> T build(QName qName) {
return (T) XMLObjectProviderRegistrySupport.getBuilderFactory().getBuilder(qName).buildObject(qName); return (T) XMLObjectProviderRegistrySupport.getBuilderFactory().getBuilder(qName).buildObject(qName);
} }