Francesco Chicchiriccò created SYNCOPE-1794: -----------------------------------------------
Summary: SAML: Authentication issue instant is too old or in the future Key: SYNCOPE-1794 URL: https://issues.apache.org/jira/browse/SYNCOPE-1794 Project: Syncope Issue Type: Bug Components: console, enduser, extensions Affects Versions: 3.0.5 Reporter: Francesco Chicchiriccò Assignee: Francesco Chicchiriccò Fix For: 3.0.6, 4.0.0 On SAML-based access to Console and Enduser, it might happen that the error "Session expired: please log in again" is displayed, after successful round-trip to the configured IdP. After investigation, the reason seems to be that some IdP is re-using information that the user has authenticated earlier (reporting that via the {{authnInstant}} in the SAML response). By default, pac4j (the underlying library on which SAML-based access to Console and Enduser is implemented) will prevent users from login if the authentication instant is older than 1 hour 3600 seconds). -- This message was sent by Atlassian Jira (v8.20.10#820010)