[
https://issues.apache.org/jira/browse/SYNCOPE-1794?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Francesco Chicchiriccò updated SYNCOPE-1794:
--------------------------------------------
Component/s: sra
> SAML: Authentication issue instant is too old or in the future
> --------------------------------------------------------------
>
> Key: SYNCOPE-1794
> URL: https://issues.apache.org/jira/browse/SYNCOPE-1794
> Project: Syncope
> Issue Type: Bug
> Components: console, enduser, extensions, sra
> Affects Versions: 3.0.5
> Reporter: Francesco Chicchiriccò
> Assignee: Francesco Chicchiriccò
> Priority: Major
> Labels: SAML
> Fix For: 3.0.6, 4.0.0
>
>
> On SAML-based access to Console and Enduser, it might happen that the error
> "Session expired: please log in again" is displayed, after successful
> round-trip to the configured IdP.
> After investigation, the reason seems to be that some IdP is re-using
> information that the user has authenticated earlier (reporting that via the
> {{authnInstant}} in the SAML response).
> By default, pac4j (the underlying library on which SAML-based access to
> Console and Enduser is implemented) will prevent users from login if the
> authentication instant is older than 1 hour (3600 seconds).
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
