Rename authnskew.

diff --git a/adfs/adfs.cpp b/adfs/adfs.cpp
index 74d3a4b..7fee451 100644 (file)
--- a/adfs/adfs.cpp
+++ b/adfs/adfs.cpp
@@ -583,7 +583,7 @@ void ADFSConsumer::implementProtocol(
 
     // authnskew allows rejection of SSO if AuthnInstant is too old.
     const PropertySet* sessionProps = application.getPropertySet("Sessions");
-    pair<bool,unsigned int> authnskew = sessionProps ? sessionProps->getUnsignedInt("authnskew") : pair<bool,unsigned int>(false,0);
+    pair<bool,unsigned int> authnskew = sessionProps ? sessionProps->getUnsignedInt("maxTimeSinceAuthn") : pair<bool,unsigned int>(false,0);
 
     if (authnskew.first && authnskew.second &&
             ssoStatement->getAuthenticationInstant() && (now - ssoStatement->getAuthenticationInstantEpoch() > authnskew.second))

diff --git a/schemas/shibboleth-2.0-native-sp-config.xsd b/schemas/shibboleth-2.0-native-sp-config.xsd
index 652024e..353b582 100644 (file)
--- a/schemas/shibboleth-2.0-native-sp-config.xsd
+++ b/schemas/shibboleth-2.0-native-sp-config.xsd
@@ -526,7 +526,7 @@
                        <attribute name="idpHistoryDays" type="unsignedInt"/>\r
                        <attribute name="lifetime" type="unsignedInt" default="28800"/>\r
                        <attribute name="timeout" type="unsignedInt" default="3600"/>\r
-                   <attribute name="authnskew" type="unsignedInt"/>\r
+                   <attribute name="maxTimeSinceAuthn" type="unsignedInt"/>\r
                        <attribute name="checkAddress" type="boolean" default="true"/>\r
                        <attribute name="consistentAddress" type="boolean" default="true"/>\r
                        <anyAttribute namespace="##other" processContents="lax"/>\r

diff --git a/shibsp/handler/impl/SAML1Consumer.cpp b/shibsp/handler/impl/SAML1Consumer.cpp
index 7788b7e..74f13f8 100644 (file)
--- a/shibsp/handler/impl/SAML1Consumer.cpp
+++ b/shibsp/handler/impl/SAML1Consumer.cpp
@@ -157,7 +157,7 @@ void SAML1Consumer::implementProtocol(
 
     // authnskew allows rejection of SSO if AuthnInstant is too old.
     const PropertySet* sessionProps = application.getPropertySet("Sessions");
-    pair<bool,unsigned int> authnskew = sessionProps ? sessionProps->getUnsignedInt("authnskew") : pair<bool,unsigned int>(false,0);
+    pair<bool,unsigned int> authnskew = sessionProps ? sessionProps->getUnsignedInt("maxTimeSinceAuthn") : pair<bool,unsigned int>(false,0);
 
     // Saves off error messages potentially helpful for users.
     string contextualError;

diff --git a/shibsp/handler/impl/SAML2Consumer.cpp b/shibsp/handler/impl/SAML2Consumer.cpp
index 0b5a416..735196c 100644 (file)
--- a/shibsp/handler/impl/SAML2Consumer.cpp
+++ b/shibsp/handler/impl/SAML2Consumer.cpp
@@ -147,7 +147,7 @@ void SAML2Consumer::implementProtocol(
 
     // authnskew allows rejection of SSO if AuthnInstant is too old.
     const PropertySet* sessionProps = application.getPropertySet("Sessions");
-    pair<bool,unsigned int> authnskew = sessionProps ? sessionProps->getUnsignedInt("authnskew") : pair<bool,unsigned int>(false,0);
+    pair<bool,unsigned int> authnskew = sessionProps ? sessionProps->getUnsignedInt("maxTimeSinceAuthn") : pair<bool,unsigned int>(false,0);
 
     // Saves off error messages potentially helpful for users.
     string contextualError;