0


We have a clock skew problem when issuing a SAML token to a client. The SSO server is ahead of time when compared to the requesting client.

Time from my client -bash-4.1$ date --utc
Wed Sep 25 09:11:58 UTC 2013

Time from sso server: sh-3.2# date --utc
Wed Sep 25 14:34:43 UTC 2013

Here is the error log

     The time now Wed Sep 25 14:25:01 UTC 2013 does not fall in the request lifetime interval extended with clock tolerance of 600000 ms:
[ Wed Sep 25 08:53:21 UTC 2013; Wed Sep 25 09:23:21 UTC 2013). This might be due to a clock skew problem.

How do we solve this?

4

1 回答 1

2

我建议尝试同步服务器的时间。如果您将 STS 配置为容忍更大的偏差,您将抵消该控制的目的。

于 2013-09-25T20:52:53.750 回答