diff --git a/lib/saml/assertion.rb b/lib/saml/assertion.rb
index dfdd55c..9cb4cdd 100644
--- a/lib/saml/assertion.rb
+++ b/lib/saml/assertion.rb
@@ -46,7 +46,8 @@ def initialize(*args)
@authn_statement = Saml::Elements::AuthnStatement.new(authn_instant: authn_instant,
address: options.delete(:address),
authn_context_class_ref: options.delete(:authn_context_class_ref),
- session_index: options.delete(:session_index))
+ session_index: options.delete(:session_index),
+ session_not_on_or_after: options.delete(:session_not_on_or_after))
super(*(args << options))
@_id ||= Saml.generate_id
@issue_instant ||= Time.now
diff --git a/lib/saml/elements/authn_statement.rb b/lib/saml/elements/authn_statement.rb
index 8bff08f..d04c34e 100644
--- a/lib/saml/elements/authn_statement.rb
+++ b/lib/saml/elements/authn_statement.rb
@@ -8,6 +8,7 @@ class AuthnStatement
attribute :authn_instant, Time, tag: "AuthnInstant", on_save: lambda { |val| val.utc.xmlschema }
attribute :session_index, String, tag: "SessionIndex"
+ attribute :session_not_on_or_after, Time, tag: "SessionNotOnOrAfter", on_save: lambda { |val| val.utc.xmlschema if val.present?}
has_one :subject_locality, Saml::Elements::SubjectLocality, tag: "SubjectLocality"
has_one :authn_context, Saml::Elements::AuthnContext, tag: "AuthnContext"
diff --git a/spec/fixtures/artifact_response.xml b/spec/fixtures/artifact_response.xml
index fc31a8a..e7336c7 100644
--- a/spec/fixtures/artifact_response.xml
+++ b/spec/fixtures/artifact_response.xml
@@ -43,7 +43,7 @@
-
+
urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
@@ -83,7 +83,7 @@
-
+
urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
diff --git a/spec/lib/saml/assertion_spec.rb b/spec/lib/saml/assertion_spec.rb
index 251f0b4..080463f 100644
--- a/spec/lib/saml/assertion_spec.rb
+++ b/spec/lib/saml/assertion_spec.rb
@@ -114,6 +114,7 @@
it 'parses AuthnStatement elements' do
aggregate_failures do
expect(assertion.authn_statement.size).to eq 1
+ expect(assertion.authn_statement.first.session_not_on_or_after).to eq(Time.parse("2011-09-01T08:51:05Z"))
expect(assertion.authn_statement.first).to be_a(Saml::Elements::AuthnStatement)
end
end