
Nayana
New Contributor
10 years ago

How can we change the value of "NotOnOrAfter" time in SAML

Hi All,
I am trying to create a SAML-signed SOAP request using SoapUI. It works as expected. However, the "NotOnOrAfter" timestamp is set, by default, to 5 minutes after the creation time. After 5 minutes, I cannot re-use the request.
Please let me know if there is a way to change that value to 5 years or forever.
My request looks as below (NotBefore="2014-12-04T23:07:51.929Z" NotOnOrAfter="2014-12-04T23:12:51.929Z"):

<!-- Sample WS-Security SOAP request as posted: the header carries an X.509 BinarySecurityToken, a signed SAML 1.1 assertion, and a message signature over the Body and the assertion reference. -->
<soapenv:Envelope xmlns:book="http://www.example.com/xsd/books" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="CertId-4E807DE6ECB7571D681417734471992297">MIICSzCCAbQCBEb60nAwDQYJKoZIhvcNAQEEBQAwbjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVBhbG8gQWx0bzEWMBQGA1UEChMNVElCQ09Tb2Z0d2FyZTERMA8GA1UECxMIU2VjdXJpdHkxCzAJBgNVBAMTAkNBMB4XDTA3MDkyNjIxNDMxMloXDTM3MDkxODIxNDMxMlowazELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVBhbG8gQWx0bzEWMBQGA1UEChMNQUJDIEJvb2sgQ2x1YjEMMAoGA1UECxMDVklQMQ0wCwYDVQQDEwRKb2huMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCLVSWejKIX1MeqQOq63CPpxzrlcUqe8aHEeO2iP7m0xOnjV9JUjepuOIEAtclvIm7M5BSBBw3VxYQb46Oftz/wS1rXuRvSINGP3Lw+SZ7FFcIU8wU/7BN3exlvWwySNXdI72mbPkli6oTX27NI9bPzJkRKvyPunm9oZxrH0ve/LwIDAQABMA0GCSqGSIb3DQEBBAUAA4GBAE9Zd4Mn+xOIOcU2kR0pU2aATefcAExeri7VkBFgKekYj9V9Tr4l6k/ezpYDOzJqy87X5YhTmRpJC7zJYvwtwaP75xpK6yrcb76tzyhjtz3Bg9DgbqHs8wBJcMtuVBI5HAlFq+ftIXvUJMxk4FKTjDefiOIXxupMm+5TTsesTjsy</wsse:BinarySecurityToken>
<!-- The assertion below is valid only between NotBefore and NotOnOrAfter on saml1:Conditions (five minutes apart in this sample). Its enveloped ds:Signature references the AssertionID, so Conditions is part of the signed content: changing the timestamps after signing would no longer match the DigestValue, and a longer lifetime has to be set where the assertion is issued. No wsu:Timestamp appears in this header, so this window is the only freshness bound visible here; a captured copy of the message stays replayable for as long as the window is open, and a relying party may reject a multi-year value for that reason. NOTE(review): both signatures in this message use rsa-sha1 with sha1 digests, which are deprecated for new deployments; confirm what the target service accepts. -->
<saml1:Assertion AssertionID="_4E807DE6ECB7571D681417734471914294" IssueInstant="2014-12-04T23:07:51.914Z" Issuer="urn:kimyou.tibco.com" MajorVersion="1" MinorVersion="1" xsi:type="saml1:AssertionType" xmlns:saml1="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<saml1:Conditions NotBefore="2014-12-04T23:07:51.929Z" NotOnOrAfter="2014-12-04T23:12:51.929Z"/>
<saml1:AuthenticationStatement AuthenticationInstant="2014-12-04T23:07:51.929Z" AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password" xsi:type="saml1:AuthenticationStatementType">
<saml1:Subject>
<saml1:NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">/C=US/ST=California/L=Palo Alto/O=TIBCOSoftware/OU=Security/CN=CA</saml1:NameIdentifier>
<saml1:SubjectConfirmation>
<saml1:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml1:ConfirmationMethod>
</saml1:SubjectConfirmation>
</saml1:Subject>
</saml1:AuthenticationStatement>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#_4E807DE6ECB7571D681417734471914294">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>g7/UEIZwTNis48ekytEllnCLJu8=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>Mr4LH3A3Xfx4tp8S1CyFYWC71a1kqnR6e2m57rES/Rry+nQgW/4kV/nXlXitRP2oJL9lkh5ig2nNegU/wri6kiMriFLoR+9WKg1Y/7FfFfwN1yvMBKvTmYd1M7xWbUOV0MR4jmiEIZA+r/5YLbWDtFFu2z8Sk2rHL2gpKrPTyhw=</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIICSzCCAbQCBEb60nAwDQYJKoZIhvcNAQEEBQAwbjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNh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</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
</saml1:Assertion>
<wsse:SecurityTokenReference wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1" wsu:Id="STRSAMLId-4E807DE6ECB7571D681417734471992298" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd">
<wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">_4E807DE6ECB7571D681417734471914294</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
<!-- Message signature: covers the SOAP Body (by the wsu:Id on soapenv:Body) and, through the STR-Transform, the SAML assertion named by the SecurityTokenReference above. This ties the sender-vouches assertion to this particular body. The signing key is identified by the BinarySecurityToken carried in the same message; presumably the receiver validates that certificate against its own trust store rather than trusting it because it is embedded (verify on the service side). -->
<ds:Signature Id="SIG-4E807DE6ECB7571D681417734471992299" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces PrefixList="book soapenv" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#id-F8CDF4F7F98D66873614176106526406">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces PrefixList="book" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>uq1n0p6IJUfrewYNpVrAasBEpuE=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#STRSAMLId-4E807DE6ECB7571D681417734471992298">
<ds:Transforms>
<ds:Transform Algorithm="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform">
<wsse:TransformationParameters>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</wsse:TransformationParameters>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>NUSjLhTXxwfWGAlmqUWflD2Nkh0=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>c9cLx1kd4cj6jDsUY8qd9Pf9zp/zFsEUZWtRk18DXJFhw5eV4PitkMMiqFODT2RQVruhblobAJ+p
SCo3IcK8pOYkqB9mN3Fj+znG4Ap+gR80VYRz6tjnHB3A7wFznYYiAzhI2/UHn4rOHeGr20AQYK9J
m8GYLyXZZD5oaHy5lhA=</ds:SignatureValue>
<ds:KeyInfo Id="KeyId-4E807DE6ECB7571D681417734471992295">
<wsse:SecurityTokenReference wsu:Id="STRId-4E807DE6ECB7571D681417734471992296">
<wsse:Reference URI="#CertId-4E807DE6ECB7571D681417734471992297" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
</soapenv:Header>
<soapenv:Body wsu:Id="id-F8CDF4F7F98D66873614176106526406" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<book:Author>Vivek Ranadive</book:Author>
</soapenv:Body>
</soapenv:Envelope>

1 Reply

    Nayana
    New Contributor
    Hi All,
    I would really appreciate any help with the above question. I have googled a lot and found no solution.
    Basically, when I apply my SAML signing configuration to the request, it should set the "NotOnOrAfter" timestamp to a different value that I can configure elsewhere. Editing that value after the request is created will not help me.