From f8e37c0c8b2f18ef0f36e7ac1d155a68541d5d6a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cl=C3=A9ment=20Oudot?= <clement@oodo.net>
Date: Fri, 27 Mar 2015 08:29:12 +0000
Subject: [PATCH] Use SAML message creation time to set netBefore and
 notOnOrAfter (#799)

---
 lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_SAML.pm | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_SAML.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_SAML.pm
index 4be94dd23..1d19bfbee 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_SAML.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_SAML.pm
@@ -22,7 +22,7 @@ use URI;                   # Get metadata URL path
 #inherits Lemonldap::NG::Common::Conf::SAML::Metadata protected service_metadata
 
 our @ISA     = (qw(Lemonldap::NG::Portal::_Browser));
-our $VERSION = '1.4.2';
+our $VERSION = '1.4.4';
 our $samlCache;
 our $initGlibDone;
 
@@ -1071,8 +1071,10 @@ sub buildAssertion {
     my $timeout                 = $time + $notOnOrAfterTimeout;
     my $authenticationInstant   = $self->timestamp2samldate($time);
     my $reauthenticateOnOrAfter = $self->timestamp2samldate($timeout);
-    my $notBefore               = $authenticationInstant;
-    my $notOnOrAfter            = $reauthenticateOnOrAfter;
+    my $issued_time             = time;
+    my $notBefore               = $self->timestamp2samldate($issued_time);
+    my $notOnOrAfter =
+      $self->timestamp2samldate( $issued_time + $notOnOrAfterTimeout );
 
     eval {
         Lasso::Login::build_assertion( $login, $authn_context,