dwalby Posted August 30, 2018 Share Posted August 30, 2018 Hi all, When attempting to login this morning we're seeing the below error message. It doesn't appear to be related to the OS system time and have tried restarting browsers, devices, etc. As this is preventing any of our analysts from logging on please could this be looked at with some urgency? Thanks in advance Link to comment Share on other sites More sharing options...
dwalby Posted August 30, 2018 Author Share Posted August 30, 2018 Turning this option to OFF, allows it to work but I'm conscious this has security implications... Link to comment Share on other sites More sharing options...
Martyn Houghton Posted August 30, 2018 Share Posted August 30, 2018 @dwalby We had this a few times and we increased security.saml.timeSkewCompensation to allow for time difference between the environments even though they are all supposed to be sync by network time protocol and still have the validate time option on. Hope that helps. Cheers Martyn 1 Link to comment Share on other sites More sharing options...
dwalby Posted August 30, 2018 Author Share Posted August 30, 2018 @Martyn Houghton Thanks that's worked. Lifesaver! Will put this into our KEDB! Link to comment Share on other sites More sharing options...
dwalby Posted August 30, 2018 Author Share Posted August 30, 2018 I've increased this to 180 seconds, however users are still getting the error, rather than increasing the skew setting is there something else that can be done to prevent/fix this? Link to comment Share on other sites More sharing options...
Martyn Houghton Posted August 30, 2018 Share Posted August 30, 2018 @dwalby What are you using to provide the SAML single sign on authorisation for your instance? If it is your own Active Directory/Domain, might be worth just double checking the time synchronisation on the them just to check there is nothing causing the time difference at that end. I think at one point we where as high as 300 seconds until there was some work done on our ADFS/Active directory servers. Cheers Martyn 1 Link to comment Share on other sites More sharing options...
dwalby Posted August 30, 2018 Author Share Posted August 30, 2018 Yes, local Active Directory. I'll check in with the infrastructure team to review the time sync. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now