Which SP implementation are you referring to? There are many.

> -----Original Message-----
> From: Tom Poage [mailto:[email protected]]
> Sent: Wednesday, September 9, 2015 8:23 PM
> To: [email protected]
> Subject: [cas-user] CAS w/ SAML clock skew?
>
> Does the CAS SAML SP implementation (3.5.1 or newer) allow for/have clock
> skew on NotBefore? Being optional, can this CAS SAML SP implementation
> ignore NotBefore?
>
> This CAS SP (3.5.1) is having a problem with occasional clock skew (here
> about two seconds) with the IdP (Shibboleth).
>
> 2015-09-09 13:05:11,863 DEBUG [org.jasig.cas.util.ServiceHelper] -
> Assertion issued at 2015-09-09T18:05:13.643Z
>
> 2015-09-09 13:05:11,863 DEBUG [org.jasig.cas.util.ServiceHelper] - Right
> now it's 2015-09-09T18:05:11.863Z
>
> 2015-09-09 13:05:11,863 DEBUG [org.jasig.cas.util.ServiceHelper] -
> NotBefore = 2015-09-09T18:05:13.643Z
>
> 2015-09-09 13:05:11,863 DEBUG [org.jasig.cas.util.ServiceHelper] -
> Assertion doesn't meet NotBefore condition.
>
> 2015-09-09 13:05:11,863 DEBUG [org.jasig.cas.util.ServiceHelper] -
>
> notBefore = 2015-09-09T18:05:13.643Z
>
> 2015-09-09 13:05:11,863 DEBUG [org.jasig.cas.util.ServiceHelper] -
>
> current time = 2015-09-09T18:05:11.863Z
>
> One alternative might be to configure the IdP to disable sending
> NotBefore. Discussion threads on the topic suggest this is an SP bug and
> really should be fixed there. I have no control over the CAS SP.
>
> Insights?
>
> Thanks.
> Tom.
>
> --
> You are currently subscribed to [email protected] as:
> [email protected] To unsubscribe, change settings or access archives,
> see http://www.ja-sig.org/wiki/display/JSG/cas-user
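Added example (not part of the original thread, and not CAS or Shibboleth code): a NotBefore/NotOnOrAfter check with a small, bounded clock-skew allowance, run against the two timestamps from the quoted log. The function names, the 300-second ceiling, the allowances tried and the NotOnOrAfter value are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

MAX_SKEW = timedelta(seconds=300)  # assumed ceiling; keeps the replay window small


def parse_ts(value):
    """Parse the UTC 'Z' timestamp form that appears in the quoted log."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)


def check_conditions(now, not_before=None, not_on_or_after=None, skew=timedelta(0)):
    """Return (ok, reason). Absent bounds are skipped; skew widens both ends."""
    if not timedelta(0) <= skew <= MAX_SKEW:
        raise ValueError("skew allowance outside 0..MAX_SKEW")
    # Too early: the SP clock, even advanced by the allowance, is before NotBefore.
    if not_before is not None and now + skew < not_before:
        return False, "NotBefore is %.3fs in the future" % (not_before - now).total_seconds()
    # Too late: the SP clock, even set back by the allowance, has reached NotOnOrAfter.
    if not_on_or_after is not None and now - skew >= not_on_or_after:
        return False, "NotOnOrAfter has passed"
    return True, "ok"


# Values from the quoted log; NOT_ON_OR_AFTER is constructed (NotBefore + 5 min).
NOW = parse_ts("2015-09-09T18:05:11.863Z")
NOT_BEFORE = parse_ts("2015-09-09T18:05:13.643Z")
NOT_ON_OR_AFTER = NOT_BEFORE + timedelta(minutes=5)

if __name__ == "__main__":
    for seconds in (0, 1, 3):
        result = check_conditions(NOW, NOT_BEFORE, NOT_ON_OR_AFTER, timedelta(seconds=seconds))
        print("skew=%ds ->" % seconds, result)
```

The allowance is applied to both bounds, so each second of tolerance also extends how long an assertion is accepted after NotOnOrAfter; keeping both clocks synchronised lets the allowance stay small.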
