
Question

The SAML token returned by the server is expired error randomly appeared

asked on February 20, 2024

I have multiple users who just got this error.

We use SAML for authentication and these users are using LF client. They were in the middle of using Laserfiche, tagging documents, and navigating. The resolution was to press OK and close down LF. Then they went back in. I have no idea how to track down what the issue could be or how to prevent it in the future. Any ideas?

0 0

Replies

replied on February 26, 2024

Potentially a time synchronization / clock drift issue. SAML tokens have a validity window as a security measure to prevent token replay (and other such) attacks. If the client's time is ahead of the server, the server could send a token that the client thinks is already expired. There are various flavors of this. But start by checking for any time differences between any of the machines involved in the SAML handshake, and then check those against authoritative NIST NTP time.

1 0
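To illustrate the clock-drift scenario in the reply above, here is an added example (not part of the original thread and not Laserfiche code) that reads the standard SAML 2.0 `NotBefore` / `NotOnOrAfter` attributes from an assertion's `Conditions` element and shows how a validator's clock offset changes the verdict on a freshly issued token. The sample assertion, its five-minute window, and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample (not from the thread): a token valid for five minutes.
SAMPLE_ASSERTION = (
    '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
    'ID="_constructed" Version="2.0" IssueInstant="2024-02-20T15:00:00Z">'
    '<saml:Conditions NotBefore="2024-02-20T15:00:00Z" '
    'NotOnOrAfter="2024-02-20T15:05:00Z"/></saml:Assertion>'
)

def parse_ts(value):
    """Parse a UTC xs:dateTime ('...Z'), with or without fractional seconds."""
    if value is None:
        return None
    fmt = "%Y-%m-%dT%H:%M:%S.%fZ" if "." in value else "%Y-%m-%dT%H:%M:%SZ"
    return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)

def validity_window(assertion_xml):
    """Return (NotBefore, NotOnOrAfter); either may be None if absent."""
    # The stdlib parser is used here on a constructed sample; use a hardened
    # XML parser for assertions received from the network.
    cond = ET.fromstring(assertion_xml).find("saml:Conditions", NS)
    if cond is None:
        raise ValueError("assertion has no <Conditions> element")
    return parse_ts(cond.get("NotBefore")), parse_ts(cond.get("NotOnOrAfter"))

def check_token(assertion_xml, local_now, allowed_skew=timedelta(0)):
    """Classify the token as seen by a validator whose clock reads local_now."""
    not_before, not_on_or_after = validity_window(assertion_xml)
    if not_before is not None and local_now + allowed_skew < not_before:
        return "not_yet_valid"
    if not_on_or_after is not None and local_now - allowed_skew >= not_on_or_after:
        return "expired"
    return "valid"

def drift_report(assertion_xml, issuer_now, client_offsets):
    """Map each client clock offset (seconds) to the verdict for a fresh token."""
    return {off: check_token(assertion_xml, issuer_now + timedelta(seconds=off))
            for off in client_offsets}

if __name__ == "__main__":
    issued = datetime(2024, 2, 20, 15, 0, 0, tzinfo=timezone.utc)
    for off, verdict in drift_report(SAMPLE_ASSERTION, issued, [-60, 0, 240, 360]).items():
        print(f"client clock {off:+5d}s vs issuer -> {verdict}")
```

Comparing the offsets that flip the verdict against the measured time difference between the machines shows whether drift alone can explain the error.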