I am implementing an SSO option using SAML with an external IdP. If I inspect the received SAML response after I click on the SSO button in the browser, I can see the authentication data that I need (such as the name of the user and the email), so the communication with the IdP works just fine.
However, Keycloak does not perform the login and shows me a page that says: "We are sorry... Login timeout, Please log in again.", and no new user is registered. The login timeout for tokens in my realm is set to 30 minutes.
Looking at the logs I find the following error:
keycloak_1 | 00:38:27,888 ERROR [org.keycloak.broker.saml.SAMLEndpoint] (default task-26) Assertion expired.
keycloak_1 | 00:38:27,889 WARN [org.keycloak.events] (default task-26) type=IDENTITY_PROVIDER_RESPONSE_ERROR, realmId=master, clientId=null, userId=null, ipAddress=172.20.0.1, error=invalid_saml_response
I found that this could be due to a disparity between the EntityID in the IdP and in the SP, but I contacted my IdP and the EntityID is the same.
What could be the problem?
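Added example (not the asker's code, and not Keycloak's own implementation): a small Python checker that parses a captured SAML Response and compares its validity window, the NotBefore / NotOnOrAfter attributes on the assertion's Conditions and SubjectConfirmationData elements, against the service provider's clock. That comparison is what an "Assertion expired" result is about, independently of the realm's own login timeout. The embedded response, hostnames, timestamps and the `allowed_skew` parameter are constructed for the example; to use it on a real capture, paste the base64-decoded SAMLResponse in place of `SAMPLE_RESPONSE` and pass the SP host's current UTC time as `now`.

```python
import re
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Constructed sample response (not a real capture): issued at 00:08 UTC and valid
# for five minutes, so it is long expired at the 00:38 shown in the question's log.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_resp1" Version="2.0" IssueInstant="2020-01-01T00:08:00Z"
    Destination="https://sp.example.test/realms/master/broker/saml/endpoint">
  <saml:Issuer>https://idp.example.test/metadata</saml:Issuer>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2020-01-01T00:08:00Z">
    <saml:Issuer>https://idp.example.test/metadata</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.test</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData NotOnOrAfter="2020-01-01T00:13:00Z"
            Recipient="https://sp.example.test/realms/master/broker/saml/endpoint"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotBefore="2020-01-01T00:07:30Z" NotOnOrAfter="2020-01-01T00:13:00Z">
      <saml:AudienceRestriction>
        <saml:Audience>https://sp.example.test/realms/master</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""


def parse_saml_time(value):
    """Parse an xs:dateTime as SAML uses it (optional fraction, 'Z' or numeric offset) to aware UTC."""
    m = re.fullmatch(r"(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})(\.\d+)?(Z|[+-]\d{2}:\d{2})", value)
    if not m:
        raise ValueError(f"unparseable SAML timestamp: {value!r}")
    base, frac, tz = m.groups()
    dt = datetime.strptime(base, "%Y-%m-%dT%H:%M:%S")
    if frac:
        dt = dt.replace(microsecond=int(round(float(frac) * 1_000_000)))
    if tz == "Z":
        offset = timedelta(0)
    else:
        sign = 1 if tz[0] == "+" else -1
        offset = sign * timedelta(hours=int(tz[1:3]), minutes=int(tz[4:6]))
    return dt.replace(tzinfo=timezone(offset)).astimezone(timezone.utc)


def check_assertion_window(response_xml, now, allowed_skew=timedelta(0)):
    """Compare every NotBefore/NotOnOrAfter window in the assertion against the SP clock `now`.

    `allowed_skew` widens the window on both sides; a zero value is the strictest check.
    Returns a dict with the apparent IdP/SP clock offset and a list of human-readable findings.
    """
    root = ET.fromstring(response_xml)
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        raise ValueError("no plain <saml:Assertion>; an EncryptedAssertion must be decrypted first")

    windows = []
    cond = assertion.find("saml:Conditions", NS)
    if cond is not None:
        windows.append(("Conditions", cond.get("NotBefore"), cond.get("NotOnOrAfter")))
    for scd in assertion.findall("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS):
        windows.append(("SubjectConfirmationData", scd.get("NotBefore"), scd.get("NotOnOrAfter")))

    findings = []
    for name, not_before, not_on_or_after in windows:
        if not_before is not None:
            nb = parse_saml_time(not_before)
            if now + allowed_skew < nb:
                findings.append(f"{name}: not yet valid, NotBefore is {(nb - now).total_seconds():.0f}s ahead of the SP clock")
        if not_on_or_after is not None:
            noa = parse_saml_time(not_on_or_after)
            if now - allowed_skew >= noa:
                findings.append(f"{name}: expired {(now - noa).total_seconds():.0f}s ago (NotOnOrAfter={not_on_or_after})")

    # If the browser posted the response straight after the IdP issued it, a large
    # value here is the IdP clock minus the SP clock, i.e. the skew between the two hosts.
    issued = parse_saml_time(root.get("IssueInstant"))
    return {
        "issue_instant": issued,
        "apparent_clock_offset_seconds": (now - issued).total_seconds(),
        "windows": windows,
        "findings": findings,
        "valid": not findings,
    }


if __name__ == "__main__":
    # Constructed SP time matching the 00:38:27 of the question's log line.
    sp_now = datetime(2020, 1, 1, 0, 38, 27, tzinfo=timezone.utc)
    result = check_assertion_window(SAMPLE_RESPONSE, sp_now)
    print(f"IssueInstant {result['issue_instant'].isoformat()}, "
          f"SP clock is {result['apparent_clock_offset_seconds']:.0f}s past it")
    for finding in result["findings"]:
        print("  ", finding)
```

If the findings report an expiry of only a few seconds, or a NotBefore slightly in the future, the SP host's clock is the first thing to compare against the IdP's; a window that is minutes off while the browser redirect was instant points the same way.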