IBM Notes SAML authentication and the error message "Single Sign-On token is expired"


Today I received an early call from a customer with the information that no user could log in to IBM Notes with SAML authentication activated.

The users received the following error message:



( Single Sign-On token is expired )


After some investigation and a look at the server console, something perplexed me:

[10779:00296-591341312] 05.12.2016 15:30:16   ATTEMPT TO ACCESS SERVER by .... was denied: Single Sign-On token is expired

Looking at the clock, I noticed that it was Monday, 07:30 AM!!!

After a phone call with the customer, the problem was solved very quickly:

An update on the VMware ESXi hosts switched all servers running on this ESXi host to get their local server time from the ESXi host and not from the NTP server!!

After manually changing the time to the correct NTP host, Notes NFL was working again without any problems.

So be aware of the time settings when using SAML authentication in IBM Notes!!
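
The failure described in this post, reproduced as an added example (not code from the original post or from IBM): a SAML assertion carries a validity window in its Conditions element, so a server whose clock runs hours ahead rejects a fresh assertion as expired. The assertion, the timestamps, the 3-minute tolerance and all function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (not from the customer's IdP): 5-minute validity window.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed-example" Version="2.0" IssueInstant="2016-12-05T06:30:00Z">
  <saml:Conditions NotBefore="2016-12-05T06:30:00Z" NotOnOrAfter="2016-12-05T06:35:00Z"/>
</saml:Assertion>"""

# Assumption: allowed clock drift between IdP and server; real products use their own value.
TOLERANCE = timedelta(minutes=3)

def _ts(value):
    """Parse a SAML xs:dateTime in UTC ("Z" suffix), with or without fractional seconds."""
    if value is None:
        return None  # NotBefore / NotOnOrAfter are optional attributes
    fmt = "%Y-%m-%dT%H:%M:%S.%fZ" if "." in value else "%Y-%m-%dT%H:%M:%SZ"
    return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)

def validity_window(assertion_xml):
    """Return (NotBefore, NotOnOrAfter) from the assertion's <Conditions> element."""
    # Sample input only; parse untrusted XML with a hardened parser and verify the signature first.
    cond = ET.fromstring(assertion_xml).find("saml:Conditions", NS)
    if cond is None:
        raise ValueError("assertion has no <Conditions> element")
    return _ts(cond.get("NotBefore")), _ts(cond.get("NotOnOrAfter"))

def check(assertion_xml, now, tolerance=TOLERANCE):
    """Evaluate the validity window against the clock value `now` (timezone-aware)."""
    not_before, not_on_or_after = validity_window(assertion_xml)
    if not_before is not None and now < not_before - tolerance:
        return "not yet valid"
    if not_on_or_after is not None and now >= not_on_or_after + tolerance:
        return "expired"
    return "valid"

def diagnose(assertion_xml, server_now, reference_now):
    """Compare the server's verdict with the verdict under a trusted reference clock."""
    on_server = check(assertion_xml, server_now)
    skew_suspected = on_server != "valid" and check(assertion_xml, reference_now) == "valid"
    return on_server, skew_suspected, server_now - reference_now

if __name__ == "__main__":
    reference = datetime(2016, 12, 5, 6, 30, 16, tzinfo=timezone.utc)  # constructed
    server = reference + timedelta(hours=8)  # server clock 8 hours fast, as in the post
    print(diagnose(SAMPLE_ASSERTION, server, reference))
```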

Comments

  1. Great Post!! Even I had the same error for my identity and access management SAML solution. Anyways this has really helped me to solve the problem.
