IBM Notes SAML authentication and the error message "Single Sign-On token is expired"

Today I received an early call from a customer with the information that no user could log in to IBM Notes with SAML authentication activated.

The users received the following error message:


"Single Sign-On token is expired"

After some investigation and a look at the server console, something perplexed me:

[10779:00296-591341312] 05.12.2016 15:30:16   ATTEMPT TO ACCESS SERVER by …. was denied: Single Sign-On token is expired

Looking at the clock, I noticed that it's Monday – 07:30 AM!!!

After a phone call with the customer, the problem was solved very quickly:

An update on the VMware ESXi hosts switched all servers running on this ESXi host to get their local server time from the ESXi host and not from the NTP server!!

After manually changing the time to the correct NTP host, Notes NFL was working again without any problems.

So be aware of the time settings when using SAML authentication in IBM Notes!!
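
To tell a genuinely stale token from a skewed server clock, compare the assertion's own timestamps with the time the consuming server believes it is. The following Python sketch is an added example, not part of the original post and not IBM code: the sample assertion, the three-minute tolerance and the name `check_assertion` are constructed for illustration, the times mirror the eight-hour gap above (treated as UTC), and it inspects timestamps only, without verifying signatures.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (not captured from the incident):
# issued at 07:30:10 UTC with a short validity window.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed-example" Version="2.0" IssueInstant="2016-12-05T07:30:10Z">
  <saml:Conditions NotBefore="2016-12-05T07:29:10Z"
                   NotOnOrAfter="2016-12-05T07:35:10Z"/>
</saml:Assertion>
"""

def parse_ts(value):
    """Parse a SAML xs:dateTime in UTC ('Z' suffix, optional fractional seconds)."""
    value = value.rstrip("Z")
    fmt = "%Y-%m-%dT%H:%M:%S.%f" if "." in value else "%Y-%m-%dT%H:%M:%S"
    return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)

def check_assertion(xml_text, local_now, tolerance=timedelta(minutes=3)):
    """Classify a just-received assertion as seen by a clock reading local_now."""
    root = ET.fromstring(xml_text)
    issued = parse_ts(root.get("IssueInstant"))
    cond = root.find("saml:Conditions", NS)
    not_before = parse_ts(cond.get("NotBefore"))
    not_after = parse_ts(cond.get("NotOnOrAfter"))
    apparent_age = local_now - issued
    if local_now < not_before - tolerance:
        verdict = "not yet valid"
    elif local_now >= not_after + tolerance:
        verdict = "expired"
    else:
        verdict = "valid"
    # Assumption: the assertion came from a login attempted moments ago. If it
    # still looks older (or newer) than its whole lifetime, suspect the clock.
    lifetime = not_after - not_before
    clock_suspect = verdict != "valid" and abs(apparent_age) > lifetime + tolerance
    return verdict, apparent_age, clock_suspect

if __name__ == "__main__":
    for label, now in (("NTP-synced clock", datetime(2016, 12, 5, 7, 30, 16, tzinfo=timezone.utc)),
                       ("clock 8 h ahead", datetime(2016, 12, 5, 15, 30, 16, tzinfo=timezone.utc))):
        verdict, age, suspect = check_assertion(SAMPLE_ASSERTION, now)
        print(f"{label}: {verdict}, apparent age {age}, check time source: {suspect}")
```

An apparent age of several hours on a token issued seconds ago means the time source needs checking, not the identity provider.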
