TimeStamp on authentication Message

[tvoglund]

I'm trying to debug the time difference. I checked my Azure server and the time is correct. Then I add a code to log the time right before Meteor.loginWithSaml is called. This time is:

2015-5-26T13:40:29.290

Then I get an error from Shibboleth IdP of:

Message was not yet valid: message time was 2015-06-26T15:40:31.000Z, latest valid is: 2015-06-26T09:45:33.158-04:00
Message was rejected because was issued in the future

Then I see the latest valid is 2015-06-26T09:45:33.158-04:00 which is equal to 2015-06-26T13:45:33.158

If you notice the time that I logged right before the call to my meteor package would work. But for some reason my meteor package is adding a timestamp of 2015-06-26T15:40:31.000Z and this is actually in the future. This looks like an issue, the package added 2 hours to the timestamp.

--- Want to back this issue? **[Post a bounty on it!](https://www.bountysource.com/issues/23109826-timestamp-on-authentication-message?utm_campaign=plugin&utm_content=tracker%2F530713&utm_medium=issues&utm_source=github)** We accept bounties via [Bountysource](https://www.bountysource.com/?utm_campaign=plugin&utm_content=tracker%2F530713&utm_medium=issues&utm_source=github).

[tvoglund]

In saml_utils.js on line 47 the code add 2 hours to getUTCHours. I was wondering why is this added. This cause a failure when I try to use the package with Shibboleth.

[nate-strauser]

i'm pretty sure i borrowed almost all of that file from https://github.com/bergie/passport-saml/blob/master/lib/passport-saml/saml.js - it was some time again though, so i'm not 100% sure.

it looks like passport-saml version has changed that code to

SAML.prototype.generateInstant = function () {
  return new Date().toISOString();
};

try to download this package into the packages directory of your meteor app and change that bit to see if it works for you.

[tvoglund]

This does change the time stamp back 2 hours.