From 6f3daa4782d9a3ccf14495a6f6cd8138d09057b5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andreas=20=C3=85kre=20Solberg?= <andreas.solberg@uninett.no>
Date: Fri, 19 Jun 2009 09:15:15 +0000
Subject: [PATCH] Allow for timeskew on the NotBefore condition in shibboleth
 1.3 response...

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1528 44740490-163a-0410-bde0-09ae8108e29a
---
 lib/SimpleSAML/XML/Shib13/AuthnResponse.php | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/lib/SimpleSAML/XML/Shib13/AuthnResponse.php b/lib/SimpleSAML/XML/Shib13/AuthnResponse.php
index a7ad3cd1e..507f6b0ca 100644
--- a/lib/SimpleSAML/XML/Shib13/AuthnResponse.php
+++ b/lib/SimpleSAML/XML/Shib13/AuthnResponse.php
@@ -273,7 +273,13 @@ class SimpleSAML_XML_Shib13_AuthnResponse extends SimpleSAML_XML_AuthnResponse {
 		}
 
 		$id = SimpleSAML_Utilities::generateID();
+		
 		$issueInstant = SimpleSAML_Utilities::generateTimestamp();
+		
+		// 30 seconds timeskew back in time to allow differing clocks.
+		$notBefore = SimpleSAML_Utilities::generateTimestamp(time() - 30);
+		
+		
 		$assertionExpire = SimpleSAML_Utilities::generateTimestamp(time() + 60 * 5);# 5 minutes
 		$assertionid = SimpleSAML_Utilities::generateID();
 
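Review bot: The timestamps in this hunk come from separate clock reads (`generateTimestamp()` for `$issueInstant`, then `time() - 30` and `time() + 60 * 5`), so they can straddle a second boundary, and the 30-second skew is a bare literal. Reading the clock once with `$now = time();` and passing `$now - 30` and `$now + 60 * 5` to `generateTimestamp()` would keep the Conditions window consistent with itself. Backdating NotBefore widens the assertion's validity window from 5 minutes to 5 minutes 30 seconds, so the skew is better held in a named constant or configuration value, with a comment stating that NotBefore intentionally precedes IssueInstant. The added blank lines also carry trailing tabs. The enclosing method starts and ends outside the hunk.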
@@ -326,7 +332,7 @@ class SimpleSAML_XML_Shib13_AuthnResponse extends SimpleSAML_XML_AuthnResponse {
     <Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion"
         AssertionID="' . $assertionid . '" IssueInstant="' . $issueInstant. '"
         Issuer="' . htmlspecialchars($idp['entityid']) . '" MajorVersion="1" MinorVersion="1">
-        <Conditions NotBefore="' . $issueInstant. '" NotOnOrAfter="'. $assertionExpire . '">
+        <Conditions NotBefore="' . $notBefore. '" NotOnOrAfter="'. $assertionExpire . '">
             <AudienceRestrictionCondition>
                 <Audience>' . htmlspecialchars($audience) . '</Audience>
             </AudienceRestrictionCondition>
-- 
GitLab