Forums

Articles
Create
cancel
Showing results for 
Search instead for 
Did you mean: 

Jira DC SSO SAML Assertion - Failing (Timing issues)

Reab April 6, 2021

Dear, 

 

I am trying to integrate Jira with IDP to enable SSO using SAML. (Using the build-in SSO in DC)

The users are being authenticated and redirected to Jira successfully. However, I'm getting an error after being redirected as follows: 

Something went wrong

We couldn't log you in. This may be for a variety of reasons. We suggest trying again.

If the problem persists, contact your JIRA administrator. Give them this error identifier:

 

After checking Jira Logs I found this: 

com.atlassian.plugins.authentication.impl.web.saml.provider.InvalidSamlResponse: Received invalid SAML response: Timing issues (please check your clock settings)

 

I took a look at the SAML response and found that the NotBefore condition is failing because the IDP server is 4 seconds ahead. 

 

How can we allow clock skew for SAML in Jira? 

 

 

 

Thanks, 

 

2 comments

Comment

Log in or Sign up to comment
Reab April 6, 2021

Solved. 

Changed the IDP clock setting and sync it to Jira  

Patrick Hobusch January 17, 2022

In my case the base URL of the IDP (Crowd) was not correct. It was set to crowd.example.com instead of crowd.example.com/crowd. But that was also clearly stated in the logs.

TAGS
AUG Leaders

Atlassian Community Events