Contributions
Re: How can we change the value of "NotOnOrAfter" time in SAML
Hi All, I would really appreciate any help with the above question. I have googled a lot and found no solution. Basically, when I apply my SAML signed configuration to the request, it should give a "NotOnOrAfter" timestamp to a different value that I can configure elsewhere. Editing that value after the request is created will not help me.

How can we change the value of "NotOnOrAfter" time in SAML
Hi All, I am trying to create a SAML signed SOAP request using SOAPUI. It works as expected. However, the "NotOnOrAfter" timestamp is, by default, set to 5 minutes from the create time. After 5 minutes, I cannot re-use the request. Please let me know if there is a way to change that value to 5 years or forever? My request looks as below (NotBefore="2014-12-04T23:07:51.929Z" NotOnOrAfter="2014-12-04T23:12:51.929Z"):

<soapenv:Envelope xmlns:book="http://www.example.com/xsd/books" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soapenv:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      <wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="CertId-4E807DE6ECB7571D681417734471992297"></wsse:BinarySecurityToken>
      <saml1:Assertion AssertionID="_4E807DE6ECB7571D681417734471914294" IssueInstant="2014-12-04T23:07:51.914Z" Issuer="urn:kimyou.tibco.com" MajorVersion="1" MinorVersion="1" xsi:type="saml1:AssertionType" xmlns:saml1="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <saml1:Conditions NotBefore="2014-12-04T23:07:51.929Z" NotOnOrAfter="2014-12-04T23:12:51.929Z"/>
        <saml1:AuthenticationStatement AuthenticationInstant="2014-12-04T23:07:51.929Z" AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password" xsi:type="saml1:AuthenticationStatementType">
          <saml1:Subject>
            <saml1:NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">/C=US/ST=California/L=Palo Alto/O=TIBCOSoftware/OU=Security/CN=CA</saml1:NameIdentifier>
            <saml1:SubjectConfirmation>
              <saml1:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml1:ConfirmationMethod>
            </saml1:SubjectConfirmation>
          </saml1:Subject>
        </saml1:AuthenticationStatement>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
          <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
            <ds:Reference URI="#_4E807DE6ECB7571D681417734471914294">
              <ds:Transforms>
                <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
              </ds:Transforms>
              <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
              <ds:DigestValue>g7/UEIZwTNis48ekytEllnCLJu8=</ds:DigestValue>
            </ds:Reference>
          </ds:SignedInfo>
          <ds:SignatureValue>Mr4LH3A3Xfx4tp8S1CyFYWC71a1kqnR6e2m57rES/Rry+nQgW/4kV/nXlXitRP2oJL9lkh5ig2nNegU/wri6kiMriFLoR+9WKg1Y/7FfFfwN1yvMBKvTmYd1M7xWbUOV0MR4jmiEIZA+r/5YLbWDtFFu2z8Sk2rHL2gpKrPTyhw=</ds:SignatureValue>
          <ds:KeyInfo>
            <ds:X509Data>
              <ds:X509Certificate>MIICSzCCAbQCBEb60nAwDQYJKoZIhvcNAQEEBQAwbjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNh bGlmb3JuaWExEjAQBgNVBAcTCVBhbG8gQWx0bzEWMBQGA1UEChMNVElCQ09Tb2Z0d2FyZTERMA8G A1UECxMIU2VjdXJpdHkxCzAJBgNVBAMTAkNBMB4XDTA3MDkyNjIxNDMxMloXDTM3MDkxODIxNDMx MlowazELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVBhbG8gQWx0 bzEWMBQGA1UEChMNQUJDIEJvb2sgQ2x1YjEMMAoGA1UECxMDVklQMQ0wCwYDVQQDEwRKb2huMIGf MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCLVSWejKIX1MeqQOq63CPpxzrlcUqe8aHEeO2iP7m0 xOnjV9JUjepuOIEAtclvIm7M5BSBBw3VxYQb46Oftz/wS1rXuRvSINGP3Lw+SZ7FFcIU8wU/7BN3 exlvWwySNXdI72mbPkli6oTX27NI9bPzJkRKvyPunm9oZxrH0ve/LwIDAQABMA0GCSqGSIb3DQEB BAUAA4GBAE9Zd4Mn+xOIOcU2kR0pU2aATefcAExeri7VkBFgKekYj9V9Tr4l6k/ezpYDOzJqy87X 5YhTmRpJC7zJYvwtwaP75xpK6yrcb76tzyhjtz3Bg9DgbqHs8wBJcMtuVBI5HAlFq+ftIXvUJMxk 4FKTjDefiOIXxupMm+5TTsesTjsy</ds:X509Certificate>
            </ds:X509Data>
          </ds:KeyInfo>
        </ds:Signature>
      </saml1:Assertion>
      <wsse:SecurityTokenReference wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1" wsu:Id="STRSAMLId-4E807DE6ECB7571D681417734471992298" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd">
        <wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">_4E807DE6ECB7571D681417734471914294</wsse:KeyIdentifier>
      </wsse:SecurityTokenReference>
      <ds:Signature Id="SIG-4E807DE6ECB7571D681417734471992299" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
            <ec:InclusiveNamespaces PrefixList="book soapenv" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          </ds:CanonicalizationMethod>
          <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
          <ds:Reference URI="#id-F8CDF4F7F98D66873614176106526406">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                <ec:InclusiveNamespaces PrefixList="book" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
              </ds:Transform>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>uq1n0p6IJUfrewYNpVrAasBEpuE=</ds:DigestValue>
          </ds:Reference>
          <ds:Reference URI="#STRSAMLId-4E807DE6ECB7571D681417734471992298">
            <ds:Transforms>
              <ds:Transform Algorithm="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform">
                <wsse:TransformationParameters>
                  <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </wsse:TransformationParameters>
              </ds:Transform>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>NUSjLhTXxwfWGAlmqUWflD2Nkh0=</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>c9cLx1kd4cj6jDsUY8qd9Pf9zp/zFsEUZWtRk18DXJFhw5eV4PitkMMiqFODT2RQVruhblobAJ+p SCo3IcK8pOYkqB9mN3Fj+znG4Ap+gR80VYRz6tjnHB3A7wFznYYiAzhI2/UHn4rOHeGr20AQYK9J m8GYLyXZZD5oaHy5lhA=</ds:SignatureValue>
        <ds:KeyInfo Id="KeyId-4E807DE6ECB7571D681417734471992295">
          <wsse:SecurityTokenReference wsu:Id="STRId-4E807DE6ECB7571D681417734471992296">
            <wsse:Reference URI="#CertId-4E807DE6ECB7571D681417734471992297" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
    </wsse:Security>
  </soapenv:Header>
  <soapenv:Body wsu:Id="id-F8CDF4F7F98D66873614176106526406" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <book:Author>Vivek Ranadive</book:Author>
  </soapenv:Body>
</soapenv:Envelope>
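
An added example, not part of the original post and not SoapUI code: a receiver-side check of the saml1:Conditions window from the request above, showing why the message stops being accepted five minutes after creation and why an assertion issued with a multi-year window would be refused under a lifetime policy. The 60-second clock skew, the 10-minute maximum lifetime and the function names are assumptions; signature verification is left out and would have to pass before this check is trusted.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAML1 = "urn:oasis:names:tc:SAML:1.0:assertion"

# Constructed sample: the assertion's Conditions element as posted, with the
# statements, tokens and signatures left out.
SAMPLE = """<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soapenv:Header>
    <saml1:Assertion xmlns:saml1="urn:oasis:names:tc:SAML:1.0:assertion"
        AssertionID="_4E807DE6ECB7571D681417734471914294" Issuer="urn:kimyou.tibco.com">
      <saml1:Conditions NotBefore="2014-12-04T23:07:51.929Z"
          NotOnOrAfter="2014-12-04T23:12:51.929Z"/>
    </saml1:Assertion>
  </soapenv:Header>
  <soapenv:Body/>
</soapenv:Envelope>"""

def parse_instant(value):
    # SAML instants are UTC xs:dateTime values; fractional seconds are optional.
    fmt = "%Y-%m-%dT%H:%M:%S.%fZ" if "." in value else "%Y-%m-%dT%H:%M:%SZ"
    return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)

def check_conditions(envelope_xml, now, skew=timedelta(seconds=60),
                     max_lifetime=timedelta(minutes=10)):
    """Return (accepted, reason) for the first saml1:Conditions element."""
    cond = ET.fromstring(envelope_xml).find(".//{%s}Conditions" % SAML1)
    if cond is None:
        return False, "no Conditions element"
    nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if nb is None or noa is None:
        # An open-ended assertion could be replayed indefinitely.
        return False, "unbounded validity window"
    not_before, not_on_or_after = parse_instant(nb), parse_instant(noa)
    if not_on_or_after - not_before > max_lifetime:
        return False, "validity window exceeds policy"
    if now + skew < not_before:
        return False, "not yet valid"
    if now - skew >= not_on_or_after:  # the upper bound is exclusive
        return False, "expired"
    return True, "within validity window"
```
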