WordPress.org

Ready to get started?Download WordPress

Forums

SAML 2.0 Single Sign-On
[resolved] Invalid SAML2 timestamp (2 posts)

  1. awonglk
    Member
    Posted 1 year ago #

    I got your plugin to work ADFS earlier. Now trying it with another IDP using Siteminder Federation Manager. Everything appears to be setup correctly (WordPress gets redirected to IDP, and then user gets authenticated). Once authenticated, I get this:

    SimpleSAML_Error_Error: UNHANDLEDEXCEPTION

    Backtrace:
    0 /var/www/wordpress/wp-content/plugins/saml-20-single-sign-on/saml/www/module.php:180 (N/A)
    Caused by: Exception: Invalid SAML2 timestamp passed to parseSAML2Time: 2013-06-27T02:26:13.314-07:00
    Backtrace:
    7 /var/www/wordpress/wp-content/plugins/saml-20-single-sign-on/saml/lib/SimpleSAML/Utilities.php:361 (SimpleSAML_Utilities::parseSAML2Time)
    6 /var/www/wordpress/wp-content/plugins/saml-20-single-sign-on/saml/lib/SAML2/Message.php:137 (SAML2_Message::__construct)
    5 /var/www/wordpress/wp-content/plugins/saml-20-single-sign-on/saml/lib/SAML2/StatusResponse.php:49 (SAML2_StatusResponse::__construct)
    4 /var/www/wordpress/wp-content/plugins/saml-20-single-sign-on/saml/lib/SAML2/Response.php:23 (SAML2_Response::__construct)
    3 /var/www/wordpress/wp-content/plugins/saml-20-single-sign-on/saml/lib/SAML2/Message.php:471 (SAML2_Message::fromXML)
    2 /var/www/wordpress/wp-content/plugins/saml-20-single-sign-on/saml/lib/SAML2/HTTPPost.php:76 (SAML2_HTTPPost::receive)
    1 /var/www/wordpress/wp-content/plugins/saml-20-single-sign-on/saml/modules/saml/www/sp/saml2-acs.php:16 (require)
    0 /var/www/wordpress/wp-content/plugins/saml-20-single-sign-on/saml/www/module.php:135 (N/A)

    Something about how this particular IDP passes time format??

    Regards,
    Anthony

    http://wordpress.org/extend/plugins/saml-20-single-sign-on/

  2. ktbartholomew
    Member
    Plugin Author

    Posted 1 year ago #

    Your IdP is including a time zone with the timestamp (the -07:00 at the very end), when it should be sending the timestamp in "Zulu time" (UTC) to comply with the XML and SAML standards. This issue has come up before and been addressed here on the SimpleSAMLPHP mailing list: https://groups.google.com/forum/#!msg/simplesamlphp/3LOe7059Fkc/wRJ5jZtZ9vEJ

    I would recommend manually patching the SimpleSAMLPHP code for now (in /wp-content/plugins/saml-20-single-sign-on/saml/...), and a future update may allow the plugin to intelligently handle both compliant and non-compliant timestamps.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags

No tags yet.