[
https://issues.apache.org/jira/browse/SYNCOPE-1794?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17796734#comment-17796734
]
ASF subversion and git services commented on SYNCOPE-1794:
----------------------------------------------------------
Commit 924262083e8326555a92f113b11eaffb466e1fc5 in syncope's branch
refs/heads/3_0_X from Francesco Chicchiriccò
[ https://gitbox.apache.org/repos/asf?p=syncope.git;h=924262083e ]
[SYNCOPE-1794] Supporting maximum-authentication-lifetime configuration for
Console, Enduser and SRA (#576)
> SAML: Authentication issue instant is too old or in the future
> --------------------------------------------------------------
>
> Key: SYNCOPE-1794
> URL: https://issues.apache.org/jira/browse/SYNCOPE-1794
> Project: Syncope
> Issue Type: Bug
> Components: console, enduser, extensions
> Affects Versions: 3.0.5
> Reporter: Francesco Chicchiriccò
> Assignee: Francesco Chicchiriccò
> Priority: Major
> Labels: SAML
> Fix For: 3.0.6, 4.0.0
>
>
> On SAML-based access to Console and Enduser, it might happen that the error
> "Session expired: please log in again" is displayed, after successful
> round-trip to the configured IdP.
> After investigation, the reason seems to be that some IdP is re-using
> information that the user has authenticated earlier (reporting that via the
> {{authnInstant}} in the SAML response).
> By default, pac4j (the underlying library on which SAML-based access to
> Console and Enduser is implemented) will prevent users from login if the
> authentication instant is older than 1 hour 3600 seconds).
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
