From 57f361fdc579df00e774c5627e2bdf88813f1764 Mon Sep 17 00:00:00 2001
From: Elad Avraham <eladab@gmail.com>
Date: Tue, 12 Mar 2019 11:29:40 +0200
Subject: [PATCH] Add maxClockSkewInSeconds for NotBefore value (default is 0)

---
 lib/saml20.js | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/saml20.js b/lib/saml20.js
index 21c1f278..86f3ce21 100644
--- a/lib/saml20.js
+++ b/lib/saml20.js
@@ -102,12 +102,14 @@ exports.create = function(options, callback) {
   }
 
   var now = moment.utc();
+  var maxClockSkew = options.maxClockSkewInSeconds || 0
+  var notBefore = now.clone().subtract(maxClockSkew, 'seconds')
   doc.documentElement.setAttribute('IssueInstant', now.format('YYYY-MM-DDTHH:mm:ss.SSS[Z]'));
   var conditions = doc.documentElement.getElementsByTagName('saml:Conditions');
   var confirmationData = doc.documentElement.getElementsByTagName('saml:SubjectConfirmationData');
 
   if (options.lifetimeInSeconds) {
-    conditions[0].setAttribute('NotBefore', now.format('YYYY-MM-DDTHH:mm:ss.SSS[Z]'));
+    conditions[0].setAttribute('NotBefore', notBefore.format('YYYY-MM-DDTHH:mm:ss.SSS[Z]'));
     conditions[0].setAttribute('NotOnOrAfter', now.clone().add(options.lifetimeInSeconds, 'seconds').format('YYYY-MM-DDTHH:mm:ss.SSS[Z]'));
   
     confirmationData[0].setAttribute('NotOnOrAfter', now.clone().add(options.lifetimeInSeconds, 'seconds').format('YYYY-MM-DDTHH:mm:ss.SSS[Z]'));