Jira DC SSO SAML Assertion - Failing (Timing issues)

Reab April 6, 2021

Dear, 

 

I am trying to integrate Jira with IDP to enable SSO using SAML. (Using the build-in SSO in DC)

The users are being authenticated and redirected to Jira successfully. However, I'm getting an error after being redirected as follows: 

Something went wrong

We couldn't log you in. This may be for a variety of reasons. We suggest trying again.

If the problem persists, contact your JIRA administrator. Give them this error identifier:

 

After checking Jira Logs I found this: 

com.atlassian.plugins.authentication.impl.web.saml.provider.InvalidSamlResponse: Received invalid SAML response: Timing issues (please check your clock settings)

 

I took a look at the SAML response and found that the NotBefore condition is failing because the IDP server is 4 seconds ahead. 

 

How can we allow clock skew for SAML in Jira? 

 

 

 

Thanks, 

 

2 answers

1 accepted

Suggest an answer

Log in or Sign up to answer
0 votes
Answer accepted
Reab April 6, 2021

Solved. 

Changed the IDP clock setting and sync it to Jira  

0 votes
Patrick Hobusch January 17, 2022

In my case the base URL of the IDP (Crowd) was not correct. It was set to crowd.example.com instead of crowd.example.com/crowd. But that was also clearly stated in the logs.

TAGS
AUG Leaders

Atlassian Community Events