Today I received an early call from a customer with the information, that no user can login to IBM Notes with the activated SAML authentication.
The users received the following error message:
After some investigations and looking at the server console something made me perplex >>
[10779:00296-591341312] 05.12.2016 15:30:16 ATTEMPT TO ACCESS SERVER by …. was denied: Single Sign-On token is expired
Looking at the clock I noticed, that it´s Monday – 07:30AM !!!
After a phone call with the customer the problem was solved very quick:
an update on the VMware ESXi hosts switched all servers running on this ESXi host to get their local server time from the ESXi host and not from the NTP server !!
After manually changing the time to the correct NTP host, Notes NFL was working again without any problems.
So be aware of the time settings when using SAML authentication in IBM Notes !!
Great Post!! Even I had the same error for my identity and access management SAML solution. Anyways this has really helped me to solve the problem.