Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Jira DC SSO SAML Assertion - Failing (Timing issues)

Reab
Reab April 6, 2021

Dear, 

 

I am trying to integrate Jira with IDP to enable SSO using SAML. (Using the build-in SSO in DC)

The users are being authenticated and redirected to Jira successfully. However, I'm getting an error after being redirected as follows: 

Something went wrong

We couldn't log you in. This may be for a variety of reasons. We suggest trying again.

If the problem persists, contact your JIRA administrator. Give them this error identifier:

 

After checking Jira Logs I found this: 

com.atlassian.plugins.authentication.impl.web.saml.provider.InvalidSamlResponse: Received invalid SAML response: Timing issues (please check your clock settings)

 

I took a look at the SAML response and found that the NotBefore condition is failing because the IDP server is 4 seconds ahead. 

 

How can we allow clock skew for SAML in Jira? 

 

 

 

Thanks, 

 

Answer
Watch
Like Be the first to like this
2889 views

2 answers

1 accepted

Suggest an answer

Log in or Sign up to answer
0 votes
Answer accepted
Reab
Reab April 6, 2021

Solved. 

Changed the IDP clock setting and sync it to Jira  

Reply
0 votes
Patrick Hobusch
Patrick Hobusch January 17, 2022

In my case the base URL of the IDP (Crowd) was not correct. It was set to crowd.example.com instead of crowd.example.com/crowd. But that was also clearly stated in the logs.

Reply
groups-icon
Data Center
TAGS
AUG Leaders

Atlassian Community Events

    See all events