diff --git a/src/Microsoft.IdentityModel.Tokens.Saml/Saml/AuthenticationInformation.cs b/src/Microsoft.IdentityModel.Tokens.Saml/Saml/AuthenticationInformation.cs
index 92f3c2249b..79ef8f732f 100644
--- a/src/Microsoft.IdentityModel.Tokens.Saml/Saml/AuthenticationInformation.cs
+++ b/src/Microsoft.IdentityModel.Tokens.Saml/Saml/AuthenticationInformation.cs
@@ -61,7 +61,7 @@ public Uri AuthenticationMethod
}
///
- /// Gets or sets the AuthenticationInstant
+ /// Gets or sets the AuthenticationInstant. This value should be in UTC.
///
public DateTime AuthenticationInstant { get; set; }
@@ -76,7 +76,7 @@ public Uri AuthenticationMethod
public string DnsName { get; set; }
///
- /// Gets or sets the time that the session referred to in the session index MUST be considered ended.
+ /// Gets or sets the time that the session referred to in the session index MUST be considered ended. This value should be in UTC.
///
public DateTime? NotOnOrAfter { get; set; }
diff --git a/src/Microsoft.IdentityModel.Tokens.Saml/Saml/SamlAuthenticationStatement.cs b/src/Microsoft.IdentityModel.Tokens.Saml/Saml/SamlAuthenticationStatement.cs
index bd98b85506..9819d3c286 100644
--- a/src/Microsoft.IdentityModel.Tokens.Saml/Saml/SamlAuthenticationStatement.cs
+++ b/src/Microsoft.IdentityModel.Tokens.Saml/Saml/SamlAuthenticationStatement.cs
@@ -74,7 +74,7 @@ public SamlAuthenticationStatement(
}
///
- /// Gets or sets the instant of authentication.
+ /// Gets or sets the instant of authentication. This value should be in UTC.
///
public DateTime AuthenticationInstant
{
diff --git a/src/Microsoft.IdentityModel.Tokens.Saml/Saml/SamlConditions.cs b/src/Microsoft.IdentityModel.Tokens.Saml/Saml/SamlConditions.cs
index 0390a497e3..46fbb36267 100644
--- a/src/Microsoft.IdentityModel.Tokens.Saml/Saml/SamlConditions.cs
+++ b/src/Microsoft.IdentityModel.Tokens.Saml/Saml/SamlConditions.cs
@@ -72,12 +72,12 @@ IEnumerable conditions
public ICollection Conditions { get; }
///
- /// Gets or sets the earliest time instant at which the assertion is valid.
+ /// Gets or sets the earliest time instant at which the assertion is valid. This value should be in UTC.
///
public DateTime NotBefore { get; set; } = DateTimeUtil.GetMinValue(DateTimeKind.Utc);
///
- /// Gets or sets the time instant at which the assertion has expired.
+ /// Gets or sets the time instant at which the assertion has expired. This value should be in UTC.
///
public DateTime NotOnOrAfter { get; set; } = DateTimeUtil.GetMaxValue(DateTimeKind.Utc);
}
diff --git a/src/Microsoft.IdentityModel.Tokens.Saml/Saml/SamlSecurityToken.cs b/src/Microsoft.IdentityModel.Tokens.Saml/Saml/SamlSecurityToken.cs
index eaa816a3ea..a0b23765b3 100644
--- a/src/Microsoft.IdentityModel.Tokens.Saml/Saml/SamlSecurityToken.cs
+++ b/src/Microsoft.IdentityModel.Tokens.Saml/Saml/SamlSecurityToken.cs
@@ -96,7 +96,7 @@ public override SecurityKey SigningKey
}
///
- /// Gets the time the token is valid from.
+ /// Gets the time the token is valid from. This value is always in UTC.
///
public override DateTime ValidFrom
{
@@ -112,7 +112,7 @@ public override DateTime ValidFrom
}
///
- /// Gets the time the token is valid to.
+ /// Gets the time the token is valid to. This value is always in UTC.
///
public override DateTime ValidTo
{
diff --git a/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/AuthenticationInformation.cs b/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/AuthenticationInformation.cs
index e96b62b91b..30e21536b5 100644
--- a/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/AuthenticationInformation.cs
+++ b/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/AuthenticationInformation.cs
@@ -59,7 +59,7 @@ public Uri AuthenticationMethod
}
///
- /// Gets or sets the AuthenticationInstant
+ /// Gets or sets the AuthenticationInstant. This value should be in UTC.
///
public DateTime AuthenticationInstant { get; set; }
@@ -69,7 +69,7 @@ public Uri AuthenticationMethod
public string DnsName { get; set; }
///
- /// Gets or sets the time that the session referred to in the session index MUST be considered ended.
+ /// Gets or sets the time that the session referred to in the session index MUST be considered ended. This value should be in UTC.
///
public DateTime? NotOnOrAfter { get; set; }
diff --git a/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Saml2AuthenticationStatement.cs b/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Saml2AuthenticationStatement.cs
index b86f485c17..95bb88e68f 100644
--- a/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Saml2AuthenticationStatement.cs
+++ b/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Saml2AuthenticationStatement.cs
@@ -73,7 +73,8 @@ public Saml2AuthenticationContext AuthenticationContext
}
///
- /// Gets or sets the time at which the authentication took place. [Saml2Core, 2.7.2]
+ /// Gets or sets the time at which the authentication took place. If the provided DateTime is not in UTC, it will
+ /// be converted to UTC. [Saml2Core, 2.7.2]
///
/// if 'value' is null.
public DateTime AuthenticationInstant
@@ -95,7 +96,8 @@ public string SessionIndex
///
/// Gets or sets the time instant at which the session between the principal
/// identified by the subject and the SAML authority issuing this statement
- /// must be considered ended. [Saml2Core, 2.7.2]
+ /// must be considered ended. If the provided DateTime is not in UTC, it will
+ /// be converted to UTC. [Saml2Core, 2.7.2]
///
public DateTime? SessionNotOnOrAfter
{
diff --git a/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Saml2Conditions.cs b/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Saml2Conditions.cs
index aaeed54b26..9f9ba6f416 100644
--- a/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Saml2Conditions.cs
+++ b/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Saml2Conditions.cs
@@ -70,7 +70,8 @@ public ICollection AudienceRestrictions
}
///
- /// Gets or sets the earliest time instant at which the assertion is valid.
+ /// Gets or sets the earliest time instant at which the assertion is valid. If the provided DateTime is not in UTC, it will
+ /// be converted to UTC.
/// [Saml2Core, 2.5.1]
///
/// if 'value' is greater or equal to .
@@ -93,7 +94,8 @@ public DateTime? NotBefore
}
///
- /// Gets or sets the time instant at which the assertion has expired.
+ /// Gets or sets the time instant at which the assertion has expired. If the provided DateTime is not in UTC, it will
+ /// be converted to UTC.
/// [Saml2Core, 2.5.1]
///
/// if 'value' is less than or equal to .
diff --git a/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Saml2SecurityToken.cs b/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Saml2SecurityToken.cs
index 9f3640ec9a..813e559b61 100644
--- a/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Saml2SecurityToken.cs
+++ b/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Saml2SecurityToken.cs
@@ -87,7 +87,7 @@ public override SecurityKey SigningKey
}
///
- /// Gets the time the token is valid from.
+ /// Gets the time the token is valid from. This value is always in UTC.
///
public override DateTime ValidFrom
{
@@ -101,7 +101,7 @@ public override DateTime ValidFrom
}
///
- /// Gets the time the token is valid to.
+ /// Gets the time the token is valid to. This value is always in UTC.
///
public override DateTime ValidTo
{
diff --git a/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Saml2SubjectConfirmationData.cs b/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Saml2SubjectConfirmationData.cs
index 0f0192f6db..bfb97d5897 100644
--- a/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Saml2SubjectConfirmationData.cs
+++ b/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Saml2SubjectConfirmationData.cs
@@ -77,7 +77,8 @@ public ICollection KeyInfos
}
///
- /// Gets or sets a time instant before which the subject cannot be confirmed. [Saml2Core, 2.4.1.2]
+ /// Gets or sets a time instant before which the subject cannot be confirmed. If the provided DateTime is not in UTC, it will
+ /// be converted to UTC.[Saml2Core, 2.4.1.2]
///
public DateTime? NotBefore
{
@@ -86,7 +87,8 @@ public DateTime? NotBefore
}
///
- /// Gets or sets a time instant at which the subject can no longer be confirmed. [Saml2Core, 2.4.1.2]
+ /// Gets or sets a time instant at which the subject can no longer be confirmed. If the provided DateTime is not in UTC, it will
+ /// be converted to UTC. [Saml2Core, 2.4.1.2]
///
public DateTime? NotOnOrAfter
{
diff --git a/src/Microsoft.IdentityModel.Tokens/Exceptions/SecurityTokenExpiredException.cs b/src/Microsoft.IdentityModel.Tokens/Exceptions/SecurityTokenExpiredException.cs
index 882b385980..e415a04b62 100644
--- a/src/Microsoft.IdentityModel.Tokens/Exceptions/SecurityTokenExpiredException.cs
+++ b/src/Microsoft.IdentityModel.Tokens/Exceptions/SecurityTokenExpiredException.cs
@@ -38,7 +38,7 @@ namespace Microsoft.IdentityModel.Tokens
public class SecurityTokenExpiredException : SecurityTokenValidationException
{
///
- /// Gets or sets the Expires value that created the validation exception.
+ /// Gets or sets the Expires value that created the validation exception. This value is always in UTC.
///
public DateTime Expires { get; set; }
diff --git a/src/Microsoft.IdentityModel.Tokens/Exceptions/SecurityTokenInvalidLifetimeException.cs b/src/Microsoft.IdentityModel.Tokens/Exceptions/SecurityTokenInvalidLifetimeException.cs
index 8e39294547..ac012110c8 100644
--- a/src/Microsoft.IdentityModel.Tokens/Exceptions/SecurityTokenInvalidLifetimeException.cs
+++ b/src/Microsoft.IdentityModel.Tokens/Exceptions/SecurityTokenInvalidLifetimeException.cs
@@ -38,12 +38,12 @@ namespace Microsoft.IdentityModel.Tokens
public class SecurityTokenInvalidLifetimeException : SecurityTokenValidationException
{
///
- /// Gets or sets the NotBefore value that created the validation exception.
+ /// Gets or sets the NotBefore value that created the validation exception. This value is always in UTC.
///
public DateTime? NotBefore { get; set; }
///
- /// Gets or sets the Expires value that created the validation exception.
+ /// Gets or sets the Expires value that created the validation exception. This value is always in UTC.
///
public DateTime? Expires { get; set; }
diff --git a/src/Microsoft.IdentityModel.Tokens/Exceptions/SecurityTokenNotYetValidException.cs b/src/Microsoft.IdentityModel.Tokens/Exceptions/SecurityTokenNotYetValidException.cs
index 4ed5c79b0b..809b1a8ed8 100644
--- a/src/Microsoft.IdentityModel.Tokens/Exceptions/SecurityTokenNotYetValidException.cs
+++ b/src/Microsoft.IdentityModel.Tokens/Exceptions/SecurityTokenNotYetValidException.cs
@@ -39,7 +39,7 @@ namespace Microsoft.IdentityModel.Tokens
public class SecurityTokenNotYetValidException : SecurityTokenValidationException
{
///
- /// Gets or sets the NotBefore value that created the validation exception.
+ /// Gets or sets the NotBefore value that created the validation exception. This value is always in UTC.
///
public DateTime NotBefore { get; set; }
diff --git a/src/Microsoft.IdentityModel.Tokens/SecurityTokenDescriptor.cs b/src/Microsoft.IdentityModel.Tokens/SecurityTokenDescriptor.cs
index 48e47a1253..b7af318d07 100644
--- a/src/Microsoft.IdentityModel.Tokens/SecurityTokenDescriptor.cs
+++ b/src/Microsoft.IdentityModel.Tokens/SecurityTokenDescriptor.cs
@@ -52,7 +52,7 @@ public class SecurityTokenDescriptor
public EncryptingCredentials EncryptingCredentials { get; set; }
///
- /// Gets or sets the value of the 'expiration' claim.
+ /// Gets or sets the value of the 'expiration' claim. This value should be in UTC.
///
public DateTime? Expires { get; set; }
@@ -62,12 +62,12 @@ public class SecurityTokenDescriptor
public string Issuer { get; set; }
///
- /// Gets or sets the time the security token was issued.
+ /// Gets or sets the time the security token was issued. This value should be in UTC.
///
public DateTime? IssuedAt { get; set; }
///
- /// Gets or sets the notbefore time for the security token.
+ /// Gets or sets the notbefore time for the security token. This value should be in UTC.
///
public DateTime? NotBefore { get; set; }