Exception: Invalid SAML2 timestamp passed to parseSAML2Time
1,263 views
Skip to first unread message
Jean de Laulanié
Jun 10, 2011, 7:58:07 AM6/10/11
to simpleSAMLphp
Hi,
i'm getting the following error msg
"Exception: Invalid SAML2 timestamp passed to parseSAML2Time:
2011-06-09T13:38:04.218+00:00" when the assertion is sent back to my
simpleaml server (linux based, UTC time set up).
i did a test with the "Feide OpenIdP" server and everything is working
fine.
the only difference in the saml assertion i can find is the datetime
format,
ie 2011-06-10T08:26:03.979+00:00 KO and 2011-06-09T17:07:13Z is OK for
the "IssueInstant" key.
is there a way to have SimpleSAML accepting both date formet?
regards,
Jean.
i'm getting the following error msg
"Exception: Invalid SAML2 timestamp passed to parseSAML2Time:
2011-06-09T13:38:04.218+00:00" when the assertion is sent back to my
simpleaml server (linux based, UTC time set up).
i did a test with the "Feide OpenIdP" server and everything is working
fine.
the only difference in the saml assertion i can find is the datetime
format,
ie 2011-06-10T08:26:03.979+00:00 KO and 2011-06-09T17:07:13Z is OK for
the "IssueInstant" key.
is there a way to have SimpleSAML accepting both date formet?
regards,
Jean.
Tom Scavo
Jun 10, 2011, 8:35:23 AM6/10/11
to simple...@googlegroups.com
On Fri, Jun 10, 2011 at 7:58 AM, Jean de Laulanié
<jean.de...@spectrumgroupe.fr> wrote:
>
> ie 2011-06-10T08:26:03.979+00:00 KO and 2011-06-09T17:07:13Z is OK for
> the "IssueInstant" key.
>
> is there a way to have SimpleSAML accepting both date formet?
<jean.de...@spectrumgroupe.fr> wrote:
>
> ie 2011-06-10T08:26:03.979+00:00 KO and 2011-06-09T17:07:13Z is OK for
> the "IssueInstant" key.
>
> is there a way to have SimpleSAML accepting both date formet?
Well, if it's going to accept +00:00, then it should accept -00:00 as
well. Of course Z is canonical (in the XML sense) but I'm not sure
what that translates into from an implementation point of view.
Just my two cents,
Tom
Olav Morken
Jun 10, 2011, 10:30:03 AM6/10/11
to simple...@googlegroups.com
On Fri, Jun 10, 2011 at 08:35:23 -0400, Tom Scavo wrote:
> On Fri, Jun 10, 2011 at 7:58 AM, Jean de Laulani�
> <jean.de...@spectrumgroupe.fr> wrote:
> >
> > ie 2011-06-10T08:26:03.979+00:00 KO and 2011-06-09T17:07:13Z is OK for
> > the "IssueInstant" key.
> >
> > is there a way to have SimpleSAML accepting both date formet?
>
> Well, if it's going to accept +00:00, then it should accept -00:00 as
> well. Of course Z is canonical (in the XML sense) but I'm not sure
> what that translates into from an implementation point of view.
> On Fri, Jun 10, 2011 at 7:58 AM, Jean de Laulani�
> <jean.de...@spectrumgroupe.fr> wrote:
> >
> > ie 2011-06-10T08:26:03.979+00:00 KO and 2011-06-09T17:07:13Z is OK for
> > the "IssueInstant" key.
> >
> > is there a way to have SimpleSAML accepting both date formet?
>
> Well, if it's going to accept +00:00, then it should accept -00:00 as
> well. Of course Z is canonical (in the XML sense) but I'm not sure
> what that translates into from an implementation point of view.
My interpretation has always been that the timezone is not allowed,
even if it is "+00:00". This is based on the following text from the
specification:
All SAML time values have the type xs:dateTime, which is built in
to the W3C XML Schema Datatypes specification [Schema2], and MUST
be expressed in UTC form, with no time zone component.
(I am assuning that "time zone component" refers to the
�(('+' | '-') hh ':' mm)�-part of the format for xs:dateTime.)
Regards,
Olav Morken
UNINETT / Feide
Tom Scavo
Jun 10, 2011, 10:46:52 AM6/10/11
to simple...@googlegroups.com
On Fri, Jun 10, 2011 at 10:30 AM, Olav Morken <olav....@uninett.no> wrote:
> On Fri, Jun 10, 2011 at 08:35:23 -0400, Tom Scavo wrote:
>> On Fri, Jun 10, 2011 at 7:58 AM, Jean de Laulanié> On Fri, Jun 10, 2011 at 08:35:23 -0400, Tom Scavo wrote:
>> <jean.de...@spectrumgroupe.fr> wrote:
>> >
>> > ie 2011-06-10T08:26:03.979+00:00 KO and 2011-06-09T17:07:13Z is OK for
>> > the "IssueInstant" key.
>> >
>> > is there a way to have SimpleSAML accepting both date formet?
>>
>> Well, if it's going to accept +00:00, then it should accept -00:00 as
>> well. Of course Z is canonical (in the XML sense) but I'm not sure
>> what that translates into from an implementation point of view.
>
> My interpretation has always been that the timezone is not allowed,
> even if it is "+00:00". This is based on the following text from the
> specification:
>
> All SAML time values have the type xs:dateTime, which is built in
> to the W3C XML Schema Datatypes specification [Schema2], and MUST
> be expressed in UTC form, with no time zone component.
>
> (I am assuning that "time zone component" refers to the
> «(('+' | '-') hh ':' mm)»-part of the format for xs:dateTime.)
That sounds like a question for the saml...@lists.oasis-open.org
mailing list. Jean, do you want to ask there?
Tom
Jean de Laulanié
Jun 10, 2011, 10:46:02 AM6/10/11
to simpleSAMLphp
yep you are right got it to work by checking the code.
as stated /* We use a very strict regex to parse the timestamp. */
as a workaround i changed the regex and it's working now.
regards,
Jean
as stated /* We use a very strict regex to parse the timestamp. */
as a workaround i changed the regex and it's working now.
regards,
Jean
Brent Colflesh
Feb 9, 2012, 11:20:45 AM2/9/12
to simple...@googlegroups.com
Dear Jean,
Could you post or message me your changed regex? I am encountering the same problem.
Regards,
Regards,
Brent
Jean de Laulanié
Feb 9, 2012, 11:51:19 AM2/9/12
to simple...@googlegroups.com
sure Brent.
here is the code i'm using and it's working just fine with simplesamlphp 1.8.x
if(preg_match('/^(\\d\\d\\d\\d)-(\\d\\d)-(\\d\\d)' .
'T(\\d\\d):(\\d\\d):(\\d\\d)(?:\\.\\d+)(\\+|\\-)(\\d\\d):(\\d\\d)$/D',
$time, $matches) == 0)
cheers,
Jean
Brent Colflesh
Feb 9, 2012, 12:13:05 PM2/9/12
to simple...@googlegroups.com
Thank you very much!
Reply all
Reply to author
Forward
0 new messages