SAML invalid timestamp.

    joseantonio
    last edited by 20 Oct 2021, 11:49

    Hi!

    Situation:
    A few months ago I set up a FA installation hosted on FA servers. Then I set a SAMLv2 IDP configuration, and in the end it ran perfectly.

    Now I set the same configuration for the same IDP in a FA installation (1.27.2) hosted in our servers.

    However, this configuration does not work correctly this time. I have contacted the IDP manager, and he said that the timestamp in the AuthNRequest is invalid. So, I checked the server and database timezone configurations, and set everything to UTC, as SAMLv2 demands, and then rebooted everything. No effect from this.

    Then I realized that the event logs in the FA server show a different time (UTC) from ours (CEST).

    FA hosted server:

    02500988-5885-4eb9-86bc-0b0b640231c1-image.png

    Our server:

    f2a19e08-6931-4f1c-b620-a33f0dcfb411-image.png

    Do you have any ideas on how I can change or set that timezone? I think this is the reason why the SAML connection is not working.

    Thank you!

      joseantonio
      last edited by 22 Oct 2021, 11:28

      Hi again!

      For the record, I just found the solution.

      FusionAuth config is taken from JVM variables, as explained here. These can be changed with the fusionauth-search.additional-java-args property, specified in the fusionauth.properties file like so:

      fusionauth-search.additional-java-args="-Duser.timezone=UTC"

      Then everything is working and compliant with SAMLv2 timestamps. Hope this helps someone else some day.

      R 1 Reply Last reply 10 Nov 2021, 02:23 Reply Quote 2
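To confirm what an IdP means by an "invalid timestamp", it helps to inspect the `IssueInstant` of the decoded AuthnRequest directly. The following check is an added example, not part of the original posts and not FusionAuth code; the sample requests, the reference time and the five-minute skew window are constructed assumptions.

```python
import re
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"
# SAML 2.0 time values must be in UTC form: a trailing "Z", no numeric offset.
UTC_FORM = re.compile(r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d+)?Z$")


def check_issue_instant(authn_request_xml, now, max_skew=timedelta(minutes=5)):
    """Return (ok, reason) for the IssueInstant of a decoded AuthnRequest.

    `now` is the verifier's clock as an aware UTC datetime; `max_skew` is an
    assumed tolerance, since each IdP chooses its own. Stdlib XML parsing is
    used so the example runs offline; parse untrusted XML with a hardened parser.
    """
    root = ET.fromstring(authn_request_xml)
    if root.tag != f"{{{SAMLP_NS}}}AuthnRequest":
        return False, "not an AuthnRequest"
    raw = root.get("IssueInstant")
    if raw is None:
        return False, "IssueInstant missing"
    if not UTC_FORM.match(raw):
        return False, f"IssueInstant {raw!r} is not in UTC (Z) form"
    # The regex guarantees the first 19 characters are YYYY-MM-DDTHH:MM:SS.
    issued = datetime.strptime(raw[:19], "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)
    drift = issued - now
    if abs(drift) > max_skew:
        return False, f"IssueInstant is {drift.total_seconds():+.0f}s from verifier clock"
    return True, "ok"


def sample_request(issue_instant):
    """Build a minimal constructed AuthnRequest carrying the given IssueInstant."""
    return (f'<samlp:AuthnRequest xmlns:samlp="{SAMLP_NS}" ID="_constructed1" '
            f'Version="2.0" IssueInstant="{issue_instant}"/>')


# Constructed reference time: 09:49 UTC, which is 11:49 CEST wall-clock time.
NOW = datetime(2021, 10, 20, 9, 49, 0, tzinfo=timezone.utc)
GOOD = sample_request("2021-10-20T09:49:03Z")            # true UTC instant
LOCAL_AS_Z = sample_request("2021-10-20T11:49:03Z")      # CEST wall clock labelled as UTC
WITH_OFFSET = sample_request("2021-10-20T11:49:03+02:00")  # right instant, wrong form

if __name__ == "__main__":
    for name, xml in (("good", GOOD), ("local-as-Z", LOCAL_AS_Z), ("offset", WITH_OFFSET)):
        print(name, check_issue_instant(xml, NOW))
```

A drift close to a whole number of hours points at a timezone problem on the sender rather than an unsynchronised clock.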
        robotdan @joseantonio
        last edited by 10 Nov 2021, 02:23

        @joseantonio

        Thanks!! This may be a bug, we’ll open an issue to track.

          dan @robotdan
          last edited by 12 Sept 2022, 01:19

          @joseantonio

          We opened a bug and reviewed our SAML code and were unable to replicate the issue.

          Here's the bug: https://github.com/FusionAuth/fusionauth-issues/issues/1486

          If you can add any replication steps or other information to this bug, that would be very helpful. Otherwise we'll close it out in a week or so.

          --
          FusionAuth - Auth so modern you can download it.
          https://fusionauth.io

            joseantonio @dan
            last edited by 12 Sept 2022, 07:27

            Hi @dan !

            I'm sorry, the only thing I can say is that setting

            fusionauth-search.additional-java-args="-Duser.timezone=UTC"
            

            solved the issue for me.

            If that's already solved, I guess it can be closed.

            Thanks @dan and @robotdan for reviewing issues!
