/// <summary>
/// Builds the SAML <c>Conditions</c> element for this token and appends it to
/// <paramref name="assertion"/>.
/// </summary>
/// <remarks>
/// The element carries the validity window (<c>NotBefore</c> / <c>NotOnOrAfter</c>) as
/// attributes and a single <c>AudienceRestriction</c> holding one <c>Audience</c>.
/// These values only restrict use of the token if the receiving party checks them.
/// </remarks>
/// <param name="assertion">The assertion element that receives the conditions.</param>
private void CreateConditions(XElement assertion)
{
    var conditionsElement = XmlUtil.CreateElement(SamlTags.Conditions);

    // Validity window, written in the XML date-time format produced by FormatDateTimeXml().
    var notBeforeAttribute = new XAttribute(SamlAttributes.NotBefore, NotBefore.FormatDateTimeXml());
    conditionsElement.Add(notBeforeAttribute);
    var notOnOrAfterAttribute = new XAttribute(SamlAttributes.NotOnOrAfter, NotOnOrAfter.FormatDateTimeXml());
    conditionsElement.Add(notOnOrAfterAttribute);

    // Conditions -> AudienceRestriction -> Audience, assembled from the outside in.
    var restrictionElement = XmlUtil.CreateElement(SamlTags.AudienceRestriction);
    var audienceElement = XmlUtil.CreateElement(SamlTags.Audience);
    audienceElement.Value = AudienceRestriction;
    restrictionElement.Add(audienceElement);
    conditionsElement.Add(restrictionElement);

    assertion.Add(conditionsElement);
}
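/// <summary>
/// Verifies that the current time lies inside the token's validity window
/// [<c>NotBefore</c>, <c>NotOnOrAfter</c>), widened on both ends by the allowed clock drift.
/// </summary>
/// <remarks>
/// The upper bound is exclusive: a token whose <c>NotOnOrAfter</c> instant has been reached
/// (after subtracting the drift) is rejected, which is what the name "not on or after" means.
/// The drift extends acceptance at both ends of the window, so callers should pass the
/// smallest value their clock synchronisation allows.
/// </remarks>
/// <param name="allowedDriftInSeconds">
/// Tolerated clock difference in seconds between issuer and validator; must not be negative.
/// </param>
/// <exception cref="ArgumentException">
/// <paramref name="allowedDriftInSeconds"/> is negative.
/// </exception>
/// <exception cref="ModelException">
/// The token is not valid yet, or it has expired.
/// </exception>
public void ValidateTimestamp(long allowedDriftInSeconds)
{
    if (allowedDriftInSeconds < 0)
    {
        throw new ArgumentException("'allowedDriftInSeconds' must not be negative!");
    }

    // NOTE(review): presumably the current UTC time rounded to whole seconds - confirm in DateTimeEx.
    var now = DateTimeEx.UtcNowRound;
    var driftNote = ". Allowed clock drift: " + allowedDriftInSeconds + " seconds";

    // Lower bound (inclusive): even with the validator's clock pushed forward by the drift,
    // the start of the validity window has not been reached.
    if (now.AddSeconds(allowedDriftInSeconds) < NotBefore)
    {
        throw new ModelException("OIOSAML token is not valid yet - now: " + now.FormatDateTimeXml()
            + ". OIOSAML token validity start: " + NotBefore.FormatDateTimeXml() + driftNote);
    }

    // Upper bound (exclusive): '>=' rather than '>' so that a token is rejected at the exact
    // NotOnOrAfter instant instead of being accepted for one more tick of the clock.
    if (now.AddSeconds(-allowedDriftInSeconds) >= NotOnOrAfter)
    {
        throw new ModelException("OIOSAML token no longer valid - now: " + now.FormatDateTimeXml()
            + ". OIOSAML token validity end: " + NotOnOrAfter.FormatDateTimeXml() + driftNote);
    }
}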