Francesco Chicchiriccò created SYNCOPE-1794:
-----------------------------------------------
Summary: SAML: Authentication issue instant is too old or in the future
Key: SYNCOPE-1794
URL: https://issues.apache.org/jira/browse/SYNCOPE-1794
Project: Syncope
Issue Type: Bug
Components: console, enduser, extensions
Affects Versions: 3.0.5
Reporter: Francesco Chicchiriccò
Assignee: Francesco Chicchiriccò
Fix For: 3.0.6, 4.0.0

On SAML-based access to Console and Enduser, it might happen that the error
"Session expired: please log in again" is displayed, after a successful
round-trip to the configured IdP.

After investigation, the reason seems to be that some IdP is re-using
information that the user has authenticated earlier (reporting that via the
{{authnInstant}} in the SAML response).

By default, pac4j (the underlying library on which SAML-based access to Console
and Enduser is implemented) will prevent users from logging in if the authentication
instant is older than 1 hour (3600 seconds).
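The freshness check described in this issue, as an added Python example for triaging a captured assertion (not Syncope or pac4j code): it reads `AuthnInstant` from each `AuthnStatement` and classifies it against the 3600-second lifetime. The 300-second skew tolerance, the function names and the sample assertion are assumptions made for the example.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

AUTHN_STATEMENT = "{urn:oasis:names:tc:SAML:2.0:assertion}AuthnStatement"
MAX_AUTHN_LIFETIME = 3600  # seconds; the default the issue attributes to pac4j
ACCEPTED_SKEW = 300        # seconds; assumed clock-skew tolerance for this example

# Constructed sample: the IdP issues a fresh assertion (IssueInstant) but
# reports the time of the original SSO login in AuthnInstant.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed" IssueInstant="2023-11-14T10:30:00Z" Version="2.0">
  <saml:AuthnStatement AuthnInstant="2023-11-14T08:00:00Z" SessionIndex="_s1"/>
</saml:Assertion>"""

def parse_instant(value):
    """Parse an xs:dateTime such as 2023-11-14T08:00:00Z into an aware UTC datetime."""
    if value.endswith("Z"):
        value = value[:-1] + "+00:00"
    dt = datetime.fromisoformat(value)
    if dt.tzinfo is None:
        dt = dt.replace(tzinfo=timezone.utc)
    return dt.astimezone(timezone.utc)

def check_authn_instants(assertion_xml, now, max_lifetime=MAX_AUTHN_LIFETIME,
                         skew=ACCEPTED_SKEW):
    """Return [(raw AuthnInstant, verdict)] for every AuthnStatement found."""
    # Offline triage of an already-captured assertion; parse untrusted XML
    # with a hardened parser such as defusedxml instead.
    root = ET.fromstring(assertion_xml)
    results = []
    for stmt in root.iter(AUTHN_STATEMENT):
        raw = stmt.get("AuthnInstant")
        if raw is None:
            results.append((None, "missing"))
            continue
        instant = parse_instant(raw)
        if instant > now + timedelta(seconds=skew):
            verdict = "in-future"   # IdP clock ahead of the service provider
        elif instant < now - timedelta(seconds=max_lifetime + skew):
            verdict = "too-old"     # re-used IdP session, as in this issue
        else:
            verdict = "ok"
        results.append((raw, verdict))
    return results

if __name__ == "__main__":
    print(check_authn_instants(SAMPLE, parse_instant("2023-11-14T10:30:05Z")))
```

Raising the lifetime makes the same assertion pass, at the cost of accepting logins based on older IdP authentications.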