Time matters with SAML

Posted by on 1 June,2023 Leave a comment (0) Go to comments

Keeping you servers time synked is important for server operations to keep running smoothly. And if you are using SAML it’s crucial because if your servers time drifts away you will get BAD SAML REQUEST and your users can’t login. To find out if this is the problem add DEBUG_SAML=31 (Set it to 0 to turn it off) in your notes ini and look for this entry.

SECCheckSAMLAssertion> NotBefore time check failed : Single Sign-On token has a creation time in the future. Single Sign-On servers may need to have clocks synchronized.

SECCheckAndParseSAMLResponse> Exiting : Single Sign-On token has a creation time in the future. Single Sign-On servers may need to have clocks synchronized.
SECCheckAndParseSAMLResponse failed with error: Single Sign-On token has a creation time in the future. Single Sign-On servers may need to have clocks synchronized.
Error in SAML response – Single Sign-On token has a creation time in the future. Single Sign-On servers may need to have clocks synchronized.

If this is found check the clock on the server and if you can turn on automatical timesynk.

For other SAML problems check out my SAML article Debugging SAML setups in HCL Domino

Posts

Leave a Comment


NOTE - You can use these HTML tags and attributes:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

This site uses Akismet to reduce spam. Learn how your comment data is processed.