Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Using SAML for authentication, why do we get time skew error "Did not meet 'NotBefore' condition. Assertion is invalid..."?

matthijsk
Explorer
‎01-27-2016 02:26 AM

Hi,

I am trying to get Splunk to use SAML for authentication and authorization with AUth0. It works for 95%, but we regularly get errors regarding time skew:

Did not meet 'NotBefore' condition. Assertion is invalid.2016-01-27T10:20:40.047Z Verify the time in the response from IDP is in UTC time format.

I have already made sure to use a correct NTP server on the Splunk server, but this does not solve the issue. Is there a way to control the allowed time difference?

Best regards

Matthijs

0 Karma
Reply

jeff
Contributor
‎05-23-2016 09:14 AM

I was also running into this using Microsoft ADFS v3 as the IdP and Splunk 6.4.0. Both IdP and IsP are sync'd to NTP using the same source, but it was 50/50 if we'd see this error... Adding a time skew of 60 seconds on the IdP's relying party configuration resolved this issue for us:

  Add-PSSnapin Microsoft.Adfs.PowerShell
  Get-ADFSRelyingPartyTrust –identifier "splunkstage-dev"
  Set-ADFSRelyingPartyTrust –TargetIdentifier "splunkstage-dev"  –NotBeforeSkew 1

We don't seem to have this issue with other integrations in our ADFS environment... Just sayin'.

Reply

matthijsk
Explorer
‎01-29-2016 07:16 AM

I have been able to solve the timing issue most of the time, the problem is that the Splunk server runs in Azure and sometimes picks up a time that is slightly off when it boots. It still would be practical if we could define an allowed time skew (something you see with other SAML solutions). 5 seconds would probably be more then enough.
The only thing that does not work yet is the logout functionality, but working on that with Auth0.

0 Karma
Reply

jkat54
SplunkTrust
SplunkTrust
‎03-12-2016 03:13 PM

If the time skew option is available it will be set on your identity provider and not in splunk.

0 Karma
Reply
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...