0
votes

I have a WSO2 Identity Server (v5.1.0) that is working as an SSO for a group of applications. Recently, when I try to log in and am redirected to the application, I get the error "SAML assertion expired".

This is my service Provider:


1
Hi, it would be helpful if you can attach the exact error that was printed in the wso2 logs. – manuka_m
The error is not really given by the Identity Server. My application gives it to me once I log in to the Identity Server and it is redirected. This is the error: SAML assertion expired. SAML.checkTimestampsValidityError. My application is nodejs using passport-saml. – maikelm

1 Answer

5
votes

Your application must be validating the below parameters of the SAML response sent by WSO2 to your application.

                      NotBefore="2020-03-31T11:35:58.017Z"
                      NotOnOrAfter="2020-03-31T11:40:58.015Z"

Please check if your application server's time and the Identity Server's time are not synced. (They do not need to be in the same time zone.)

To see the timestamps in the SAML response that was sent, you can check the browser's network tracer as below.

  1. Check the POST request coming to your application's Assertion Consumer URL.
  2. Decode the SAMLResponse parameter of the payload body and check for the above values.
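
As an added example (not part of the original answer and not passport-saml's own code), the two steps above in Node.js: decode a SAMLResponse value captured from the POST and compare its NotBefore/NotOnOrAfter with the application server's clock. The sample response is constructed from the timestamps quoted above; the function names and the `skewMs` parameter are assumptions of this example.

```javascript
// Constructed sample: a trimmed response carrying the timestamps quoted in the answer.
const SAMPLE_XML =
  '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">' +
  '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">' +
  '<saml:Conditions NotBefore="2020-03-31T11:35:58.017Z" ' +
  'NotOnOrAfter="2020-03-31T11:40:58.015Z"/>' +
  '</saml:Assertion></samlp:Response>';
// HTTP-POST binding: the SAMLResponse form field is the XML, base64-encoded.
const SAMPLE_SAML_RESPONSE = Buffer.from(SAMPLE_XML, 'utf8').toString('base64');

// Decode a SAMLResponse value copied from the network tab and read the
// validity window from its <Conditions> element. Inspection only: this does
// not verify the signature and is no substitute for the SP's SAML library.
function extractConditions(samlResponse) {
  // The raw request body is URL-encoded (%2B, %2F, %3D); undo that first.
  const b64 = decodeURIComponent(samlResponse.trim());
  const xml = Buffer.from(b64, 'base64').toString('utf8');
  const tag = xml.match(/<(?:[\w.-]+:)?Conditions\b[^>]*>/);
  if (!tag) throw new Error('no <Conditions> element in decoded response');
  const attr = (name) => {
    const m = tag[0].match(new RegExp('\\s' + name + '\\s*=\\s*["\']([^"\']+)["\']'));
    return m ? new Date(m[1]) : null;
  };
  return { notBefore: attr('NotBefore'), notOnOrAfter: attr('NotOnOrAfter') };
}

// Compare the window with the service provider's clock (nowMs). skewMs is a
// hypothetical tolerance parameter for this example.
function checkWindow({ notBefore, notOnOrAfter }, nowMs, skewMs = 0) {
  if (notBefore && nowMs + skewMs < notBefore.getTime()) {
    return { status: 'not-yet-valid', offByMs: notBefore.getTime() - nowMs };
  }
  if (notOnOrAfter && nowMs - skewMs >= notOnOrAfter.getTime()) {
    return { status: 'expired', offByMs: nowMs - notOnOrAfter.getTime() };
  }
  return { status: 'valid', offByMs: 0 };
}

// The constructed sample is from 2020, so against today's clock it is expired.
console.log(checkWindow(extractConditions(SAMPLE_SAML_RESPONSE), Date.now()));
```

If `offByMs` stays roughly constant across several fresh logins, that constant is the clock offset between the two servers.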