Uploaded image for project: 'Keycloak'
  1. Keycloak
  2. KEYCLOAK-12609

SAML AuthnStatement SessionNotOnOrAfter is incorrect/expired

    Details

      Description

      I've noticed the SAML response returned from Keycloak always seems to have an expired AuthnStatement, this is causing an issue with using SAML + GitLab, please see below snippets of what I caught using SAML tracer.

      <saml:Conditions NotBefore="2020-01-02T15:07:43.807Z"
      NotOnOrAfter="2020-01-02T15:08:43.807Z"
      >
      <saml:AudienceRestriction>
      <saml:Audience>git.sickrage.ca</saml:Audience>
      </saml:AudienceRestriction>
      </saml:Conditions>
      <saml:AuthnStatement AuthnInstant="2020-01-02T15:07:45.808Z"
      SessionIndex="bf4ab8a3-8d71-47cd-ac0b-05a1a879a1b1::99bc74e1-3959-4f6f-993b-51b6f7805b74"
      SessionNotOnOrAfter="2019-12-13T22:04:58.512Z"
      >
      <saml:AuthnContext>
      <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml:AuthnContextClassRef>
      </saml:AuthnContext>
      </saml:AuthnStatement>

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                mitko Michal Hajas
                Reporter:
                justin.tabish Justin Tabish
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: