Output a valid XML dateTime for the validUntil metadata property
#638
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The XML generated prior to this change was considered invalid, according to samltool.com's XML validator. An example metadata XML document:
```xml
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" ID="_a881df95-a3e4-43df-a340-47742de4c356" entityID="..." validUntil="2022-06-15T03:03:01+0000">
<md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="..." index="0" isDefault="true"/>
</md:SPSSODescriptor>
</md:EntityDescriptor>
```
The `+0000` is the culprit, with the following validation error received from samltool.com:
```
Line: 1 | Column: 0 --> Element '{urn:oasis:names:tc:SAML:2.0:metadata}EntityDescriptor', attribute 'validUntil': '2022-06-15T03:03:01+0000' is not a valid value of the atomic type 'xs:dateTime'.
```
Additionally, should someone pass a non-UTC time for `validUntil`, that also produced invalid XML.
Now, we coerce the provided `validUntil` into a UTC time, and hard-code a `Z` at the end of the format, to consistently produce valid XML.
|
The error in CI seems to be unrelated to this change (it's a JRuby OpenSSL error). |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The XML generated prior to this change was considered invalid, according to samltool.com's XML validator. An example metadata XML document:
The
+0000is the culprit, with the following validation error received from samltool.com:Additionally, should someone pass a non-UTC time for
validUntil, that also produced invalid XML.Now, we coerce the provided
validUntilinto a UTC time, and hard-code aZat the end of the format, to consistently produce valid XML.