Hi All, I've just noticed in 6.3.5 the notonorafter timestamp in the saml subject confirmation is always set to the authentication date. So the saml envelope is valid only on the first login but then sso is not working for saml few seconds after login. I've enabled the notbefore to show the differences:
First auth: <saml2:SubjectConfirmationData InResponseTo="ARQd805dd1-db66-44a6-8c19-7d8fbb112dde" NotBefore="2021-07-08T16:12:43.464Z" NotOnOrAfter="2021-07-08T16:12:58.454Z" Recipient="xxxxxxxxxx" /> second: <saml2:SubjectConfirmationData InResponseTo="ARQf767fe6-a726-4d15-8d48-445c5558f9d2" NotBefore="2021-07-08T16:13:38.391Z" NotOnOrAfter="2021-07-08T16:12:58.150Z" Recipient="xxxxxxx" /> And one more <saml2:SubjectConfirmationData InResponseTo="ARQ07157b7-6f18-4d50-ba6d-818668259e70" NotBefore="2021-07-08T16:14:29.350Z" NotOnOrAfter="2021-07-08T16:12:58.150Z" Recipient="xxxxxx" /> The first timestamp is slightly different but then they are all the same and the timeframe is obviously invalid. It's on my dev cas instance running cas 6.3.5. On production running cas 6.2.8 the timestamp is correct. Anyone experiencing this ? Am I missing some configuration here ? Thanks Stéphane -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/bf619182-4a05-4a4f-a6e4-7b44711a34c4n%40apereo.org.
