Federation :: Affiliate Agent : UTC and IssueInstant Date Format
Article ID: 21712
Updated On:
Products
CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On
Issue/Introduction
We run Federation environment as IdP and the Affiliate Agent is unable
to parse the SAML assertion as getting this error:
[ERROR] SAML_ParseException occurred while trying to parse the SAML
Response received. Exception: Parsing SAML_Assertion: Could not
parse date in <IssueInstant> Element(2011-08-11T13:12:47+02:00)
Indeed, the IssueInstant as the value 2011-08-11T13:12:47+02:00 which
is not ending with Z as Zulu time. Is the 2011-08-11T13:12:47+02:00
UTC time ?
Cause
The format that the Affiliate Agent receive
(2011-08-11T13:12:47+02:00)
is not UTC.
The time
"2011-08-11T13:12:47+02:00"
is local time and not UTC.
According to OASIS, the IssueInstant should be written in UTC format.
IssueInstant [Required]
The time instant of issue in UTC, as described in Section 1.3.3
https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
Resolution
Our product works as designed and respects these guidelines. You
should ask the SP side to send the IssueInstant in UTC format.
Feedback
Yes
No
Powered by
