Fix for crewjam#123

junkblocker · Dec 12, 2017 · 0c4b14d · 0c4b14d
1 parent d1307ca
commit 0c4b14d
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 4 deletions.
diff --git a/samlsp/middleware_test.go b/samlsp/middleware_test.go
@@ -92,7 +92,7 @@ func (test *MiddlewareTest) TestCanProduceMetadata(c *C) {
 	c.Assert(resp.Header().Get("Content-type"), Equals, "application/samlmetadata+xml")
 	c.Assert(string(resp.Body.Bytes()), DeepEquals, ""+
 		"<EntityDescriptor xmlns=\"urn:oasis:names:tc:SAML:2.0:metadata\" validUntil=\"2015-12-03T01:57:09.123Z\" entityID=\"https://15661444.ngrok.io/saml2/metadata\">\n"+
-		"  <SPSSODescriptor xmlns=\"urn:oasis:names:tc:SAML:2.0:metadata\" validUntil=\"0001-01-01T00:00:00Z\" protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\" AuthnRequestsSigned=\"false\" WantAssertionsSigned=\"true\">\n"+
+		"  <SPSSODescriptor xmlns=\"urn:oasis:names:tc:SAML:2.0:metadata\" validUntil=\"2015-12-03T01:57:09.123456789Z\" protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\" AuthnRequestsSigned=\"false\" WantAssertionsSigned=\"true\">\n"+
 		"    <KeyDescriptor use=\"signing\">\n"+
 		"      <KeyInfo xmlns=\"http://www.w3.org/2000/09/xmldsig#\">\n"+
 		"        <X509Data>\n"+

diff --git a/service_provider.go b/service_provider.go
@@ -105,11 +105,12 @@ func (sp *ServiceProvider) Metadata() *EntityDescriptor {
 		validDuration = sp.MetadataValidDuration
 	}
 
+	validUntil := TimeNow().Add(validDuration)
 	authnRequestsSigned := false
 	wantAssertionsSigned := true
 	return &EntityDescriptor{
 		EntityID:   sp.MetadataURL.String(),
-		ValidUntil: TimeNow().Add(validDuration),
+		ValidUntil: validUntil,
 
 		SPSSODescriptors: []SPSSODescriptor{
 			SPSSODescriptor{
@@ -136,6 +137,7 @@ func (sp *ServiceProvider) Metadata() *EntityDescriptor {
 								},
 							},
 						},
+						ValidUntil: validUntil,
 					},
 				},
 				AuthnRequestsSigned:  &authnRequestsSigned,
@@ -401,7 +403,7 @@ func (sp *ServiceProvider) ParseResponse(req *http.Request, possibleRequestIDs [
 		return nil, retErr
 	}
 	if resp.Destination != sp.AcsURL.String() {
-		retErr.PrivateErr = fmt.Errorf("`Destination` does not match AcsURL (expected %q)", sp.AcsURL.String())
+		retErr.PrivateErr = fmt.Errorf("Response `Destination` %v does not match AcsURL (expected %q)", resp.Destination, sp.AcsURL.String())
 		return nil, retErr
 	}
 

diff --git a/service_provider_test.go b/service_provider_test.go
@@ -115,7 +115,7 @@ func (test *ServiceProviderTest) TestCanProduceMetadata(c *C) {
 	c.Assert(err, IsNil)
 	c.Assert(string(spMetadata), DeepEquals, ""+
 		"<EntityDescriptor xmlns=\"urn:oasis:names:tc:SAML:2.0:metadata\" validUntil=\"2015-12-03T01:57:09Z\" entityID=\"https://example.com/saml2/metadata\">\n"+
-		"  <SPSSODescriptor xmlns=\"urn:oasis:names:tc:SAML:2.0:metadata\" validUntil=\"0001-01-01T00:00:00Z\" protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\" AuthnRequestsSigned=\"false\" WantAssertionsSigned=\"true\">\n"+
+		"  <SPSSODescriptor xmlns=\"urn:oasis:names:tc:SAML:2.0:metadata\" validUntil=\"2015-12-03T01:57:09Z\" protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\" AuthnRequestsSigned=\"false\" WantAssertionsSigned=\"true\">\n"+
 		"    <KeyDescriptor use=\"signing\">\n"+
 		"      <KeyInfo xmlns=\"http://www.w3.org/2000/09/xmldsig#\">\n"+
 		"        <X509Data>\n"+