  1. Identity Provider
  2. IDP-1031

ExternalAuthentication ignores authnInstant

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.2.1
    • Fix Version/s: 3.3.0
    • Component/s: Authentication
    • Labels:
      None
    • Operating System:
      Linux
    • Java Version:
      Other OpenJDK 7
    • Servlet Container:
      Apache Tomcat 7

      Description

      Hi,

      I'm working on our code integrating the IdP with our VirtualHome implementation.

      I'm hooking into the RemoteUser flow (which I understand is a special instance of ExternalAuthentication) and I'm handling this in my own servlet replacing RemoteUserAuthServlet.

      I'm using the inputs and outputs as documented at https://wiki.shibboleth.net/confluence/display/IDP30/ExternalAuthnConfiguration

      All is working well, but when I also tried setting authnInstant (as an attribute on the httpRequest object), this is ignored.

      The SAML message then has a different instant, about 0.5s later.

      Looking into the code, ExternalAuthenticationImpl stores the instant in ExternalAuthenticationContext, but there is nothing that would take it out of there and store it in the AuthenticationResult. I can see the AuthenticationResult is built in AbstractValidationAction.buildAuthenticationResult(), but nothing would set the authenticationInstant on the result object here.

      The AuthenticationResult constructor then picks a new instant with:

      authenticationInstant = System.currentTimeMillis();
      
      - which I understand is what then gets used by AddAuthnStatementToAssertion.

      This may sound like nit-picking, but I thought I should bring it up having discovered it - looks like the authnInstant output documented on the ExternalAuthnConfiguration page is ignored by the code finalizing the authentication flow.
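
The data path described in this report, reduced to a self-contained Java model (an added example, not code from the Shibboleth IdP or from the reporter). The class and method names are hypothetical stand-ins, the sample values are constructed, and `buildResultHonouringInstant` shows one possible way to carry the instant through, not the fix that shipped in 3.3.0.

```java
import java.util.HashMap;
import java.util.Map;

// Simplified model of the flow described in this issue.
// All class and method names are hypothetical stand-ins, not the IdP's real API.
public class AuthnInstantDemo {
    // Stand-in for ExternalAuthenticationContext: what the external servlet handed back.
    static class ExternalContext {
        String principalName;
        Long authnInstant; // epoch millis; null when the servlet supplied none
    }

    // Stand-in for AuthenticationResult: the instant defaults to "now" at construction.
    static class Result {
        final String principalName;
        long authenticationInstant = System.currentTimeMillis();
        Result(String principalName) { this.principalName = principalName; }
    }

    // Copies the servlet's request attributes into the context.
    static ExternalContext readAttributes(Map<String, Object> requestAttributes) {
        ExternalContext ctx = new ExternalContext();
        ctx.principalName = (String) requestAttributes.get("principalName");
        ctx.authnInstant = (Long) requestAttributes.get("authnInstant");
        return ctx;
    }

    // Behaviour reported in the issue: the stored instant is never read back.
    static Result buildResultIgnoringInstant(ExternalContext ctx) {
        return new Result(ctx.principalName);
    }

    // One possible correction: prefer the supplied instant, else keep the default.
    static Result buildResultHonouringInstant(ExternalContext ctx) {
        Result r = new Result(ctx.principalName);
        if (ctx.authnInstant != null) { r.authenticationInstant = ctx.authnInstant; }
        return r;
    }

    public static void main(String[] args) {
        long actualLogin = System.currentTimeMillis() - 500; // constructed: login 0.5 s ago
        Map<String, Object> attrs = new HashMap<>();
        attrs.put("principalName", "jdoe"); // constructed sample value
        attrs.put("authnInstant", actualLogin);
        ExternalContext ctx = readAttributes(attrs);
        long ignored = buildResultIgnoringInstant(ctx).authenticationInstant - actualLogin;
        long honoured = buildResultHonouringInstant(ctx).authenticationInstant - actualLogin;
        System.out.println("drift ignored=" + ignored + " ms, honoured=" + honoured + " ms");
    }
}
```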

            People

            Assignee:
            cantor.2@osu.edu Scott Cantor
            Reporter:
            tuakiriadmin-vmencl@virtualhome.tuakiri.ac.nz Vladimir Mencl
            Watchers:
            1

                Time Tracking

                Estimated:
                Not Specified
                Remaining:
                0m
                Logged:
                45m