From 7e8c3d99d1822be85243c6f0be4c61a335d54884 Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne <bdauvergne@entrouvert.com>
Date: Fri, 4 Dec 2015 17:51:50 +0100
Subject: [PATCH 4/4] saml2: extract sessionNotOnOrAfter and use it to set
 session expire (#8887)

---
 wcs/qommon/saml2.py | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/wcs/qommon/saml2.py b/wcs/qommon/saml2.py
index 303dbb4..2396b36 100644
--- a/wcs/qommon/saml2.py
+++ b/wcs/qommon/saml2.py
@@ -358,6 +358,13 @@ class Saml2Directory(Directory):
         if assertion.authnStatement[0].sessionIndex:
             session.lasso_session_index = assertion.authnStatement[0].sessionIndex
 
+        if assertion.authnStatement[0].sessionNotOnOrAfter:
+            try:
+                t = misc.parse_isotime(assertion.authnStatement[0].sessionNotOnOrAfter)
+            except ValueError:
+                return error_page('Error extracting SessionNotOnOrAfter')
+            session.set_expire(t)
+
         user = self.lookup_user(session, login)
         if user:
             session.set_user(user.id)
-- 
2.1.4