Layer 7 Access Management

Tech Tip : CA Single Sign-On : SAML Requests Failing on 1 Production Node

  • 1.  Tech Tip : CA Single Sign-On : SAML Requests Failing on 1 Production Node

    Posted 10-26-2018 07:20 AM

    Issue:


    We're running a Policy Server and this one returns error :

    [14229/102][Thu Oct 25 2018 12:13:12][SmAuthSaml.cpp:1296][INFO][sm-log-00000] SmAuthenticateJNI() failed.

     

    How can we solve this ?

     

    Cause:

     

    Looking at the Policy Server traces, we see that for the given error in the smps.log

    [14229/102][Thu Oct 25 2018 12:13:12][SmAuthSaml.cpp:1296][INFO][sm-log-00000] SmAuthenticateJNI() failed.

    the Policy Server traces show the following error, which indicates
    that the machines from the environment aren't all time synced :

    [10/25/2018][12:13:12.430][12:13:12][14229][102][Saml2Validator.java][checkAssertion][66e62bcf-9484736a-03578b5e-214dee79-ad5cfcc7-f][][][][][][][][][][][][][][][][][][][][Assertion
    rejected (_013147c587260870e1129b3774f951dc) - AuthnInstant (Thu Oct 25 12:13:13 MEST 2018) occurs in future after current time {Thu Oct 25 12:13:12 MEST 2018)][][][][][][][][][]
    [][][][][][][][][][][][][][][][][][][][][][][][][][][][][]

    [...]

    [10/25/2018][12:13:12.433][12:13:12][14229][102][SmAuthSaml.cpp:1296][][][][][][][][][][][][][][][][][][][][][][LogMessage:INFO:[sm-log-00000] SmAuthenticateJNI() failed. ][][][][][][][][][][][]
    [][][][][][][][][][][][][][][][][][][][][][][][][][][]

     

    Resolution:

     

    Insure that all machines are time sync to solve the issue.

     

     

    KB : KB000118539