From 088b5ea996a0521a560b6234bed4ae226fa3dfa3 Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Mon, 7 Mar 2011 13:25:51 +0000
Subject: [PATCH] saml:IdP: Set NotOnOrAfter on LogoutRequest sent from IdP.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2756 44740490-163a-0410-bde0-09ae8108e29a
---
 modules/saml/lib/IdP/SAML2.php | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/modules/saml/lib/IdP/SAML2.php b/modules/saml/lib/IdP/SAML2.php
index da38771a6..7fbc4f6c6 100644
--- a/modules/saml/lib/IdP/SAML2.php
+++ b/modules/saml/lib/IdP/SAML2.php
@@ -464,6 +464,12 @@ class sspmod_saml_IdP_SAML2 {
 		$lr->setSessionIndex($association['saml:SessionIndex']);
 		$lr->setNameId($association['saml:NameID']);
 
+		$assertionLifetime = $spMetadata->getInteger('assertion.lifetime', NULL);
+		if ($assertionLifetime === NULL) {
+			$assertionLifetime = $idpMetadata->getInteger('assertion.lifetime', 300);
+		}
+		$lr->setNotOnOrAfter(time() + $assertionLifetime);
+
 		$encryptNameId = $spMetadata->getBoolean('nameid.encryption', NULL);
 		if ($encryptNameId === NULL) {
 			$encryptNameId = $idpMetadata->getBoolean('nameid.encryption', FALSE);
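Review bot: The value read from `assertion.lifetime` goes straight into `setNotOnOrAfter(time() + $assertionLifetime)` with no range check, so a zero or negative setting in either metadata set would stamp the LogoutRequest as already expired; an SP that enforces NotOnOrAfter would presumably reject it and keep its session alive after the user has logged out at the IdP. A guard before the call, such as `if ($assertionLifetime <= 0) { $assertionLifetime = 300; }` (or failing loudly on the bad configuration), would avoid that. Reusing the assertion option also means that raising it for long-lived assertions widens the window in which a captured LogoutRequest stays valid, which deserves a comment above the new lines: `/* NotOnOrAfter limits how long this LogoutRequest can be replayed; it reuses assertion.lifetime (SP metadata first, then IdP, default 300 s). */`. The enclosing method starts and ends outside this hunk, so how the request is signed and sent is not visible here.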
-- 
GitLab