lib/saml2/response.rb in saml2-1.0.1 vs lib/saml2/response.rb in saml2-1.0.2

- old
+ new

@@ -25,10 +25,12 @@ confirmation.recipient = response.destination if attributes && authn_request.attribute_consuming_service statement = authn_request.attribute_consuming_service.create_statement(attributes) response.assertions.first.statements << statement if statement end + response.assertions.first.conditions << Conditions::AudienceRestriction.new(authn_request.issuer.id) + response end def self.initiate(service_provider, issuer, name_id, attributes = nil) response = new @@ -40,9 +42,11 @@ assertion.subject.confirmation = Subject::Confirmation.new assertion.subject.confirmation.method = Subject::Confirmation::Methods::BEARER assertion.subject.confirmation.not_on_or_after = Time.now.utc + 30 assertion.subject.confirmation.recipient = response.destination if response.destination assertion.issuer = issuer + assertion.conditions.not_before = Time.now.utc - 5 + assertion.conditions.not_on_or_after = Time.now.utc + 30 authn_statement = AuthnStatement.new authn_statement.authn_instant = response.issue_instant authn_statement.authn_context_class_ref = AuthnStatement::Classes::UNSPECIFIED assertion.statements << authn_statement if attributes && service_provider.attribute_consuming_services.default
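Review bot: The added line `response.assertions.first.conditions << Conditions::AudienceRestriction.new(authn_request.issuer.id)` dereferences `authn_request.issuer` without a nil check, so a request that carries no issuer fails with NoMethodError only after the response has been largely built. The audience is also the entity ID the request claims for itself; whether the caller has already matched it against registered service-provider metadata is not visible here, and if it has not, the restriction only echoes request-supplied input. I would fail early with something like `raise ArgumentError, 'AuthnRequest has no issuer' unless authn_request.issuer` and put a comment above the new line: `# Audience = requesting SP's entity ID; authn_request must already be validated against known SP metadata`. The enclosing method starts above the hunk, so an earlier guard may exist that is not shown.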
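Review bot: In the second hunk the two added `assertion.conditions` bounds each call `Time.now.utc` again, as the existing confirmation `not_on_or_after` already does, so the assertion's validity windows come from three separate clock reads and from the bare numbers 5 and 30. Reading the clock once keeps the Conditions window consistent with itself and easy to align with the confirmation expiry: `now = Time.now.utc`, then `assertion.conditions.not_before = now - 5` and `assertion.conditions.not_on_or_after = now + 30`. A short comment such as `# back-date 5 s for clock skew; 30 s lifetime keeps the replay window small` would record why these values were chosen (that intent is inferred, not stated on the page). This hunk sets no audience restriction on the `initiate` path, unlike the first hunk; whether one is added elsewhere in `initiate`, whose body extends beyond the hunk, cannot be seen from here.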