Getting Invalid SAML token error because of Time difference

Question
Hello All,
I have a client whose machine is 5 mins ahead of the actual time zone of PST GMT - 8.00. Because of that I'm getting an Invalid SAML token error. I have already set the security token lifetime of AD FS 2.0 to 480 (8 hrs), and the amount of time specified for a security token for ACS is 86400.
Please help me.
Thanks
Rahul
Thursday, March 8, 2012 2:07 PM
Answers
Hi Rahul,
I mean the Access Control Service will generate an ACS token based on your ADFS token and send it to the Relying Party Application (RP), and the Relying Party Application will check your ACS token. If it's correct and within the ACS lifetime (86400 seconds, 1 day), users can log in to the application. So please make sure your application works as I have mentioned, to rule out the token lifetime as the reason. If the token is still invalid, I think there is something wrong with the other parties, and you can post the error message and stack trace in this thread. Here I share two links about how ACS works in Windows Azure:
http://msdn.microsoft.com/en-us/magazine/gg490345.aspx
http://msdn.microsoft.com/en-us/library/hh446535.aspx
Hope it can help you.
Please mark the replies as answers if they help or unmark if not. If you have any feedback about my replies, please contact msdnmg@microsoft.com Microsoft One Code Framework
- Marked as answer by Arwind - MSFT Thursday, March 15, 2012 8:00 AM
Friday, March 9, 2012 5:10 AM
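The lifetime check at the relying party described in the answer above, as an added example that is not part of the original thread and is not ADFS, ACS or WIF code. It assumes a SAML 2.0 assertion carrying a `Conditions` element with `NotBefore` and `NotOnOrAfter`; the sample assertion is constructed, and `check_lifetime`, `max_clock_skew` and `utc` are hypothetical names. It shows how a 5-minute difference between the issuer's clock and the RP's clock rejects a token at either end of its window, and how a bounded skew tolerance changes the result.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample (not from the thread): issued 10:00 UTC, 8-hour lifetime.
SAMPLE = (
    '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
    'ID="_constructed" Version="2.0" IssueInstant="2012-03-08T10:00:00.000Z">'
    '<saml:Conditions NotBefore="2012-03-08T10:00:00.000Z" '
    'NotOnOrAfter="2012-03-08T18:00:00.000Z"/>'
    '</saml:Assertion>'
)

def parse_instant(value):
    """Parse an xs:dateTime in UTC, with or without fractional seconds."""
    for fmt in ("%Y-%m-%dT%H:%M:%S.%fZ", "%Y-%m-%dT%H:%M:%SZ"):
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError("unsupported timestamp: " + value)

def check_lifetime(assertion_xml, now, max_clock_skew=timedelta(0)):
    """Return 'valid', 'not-yet-valid' or 'expired' for the RP's clock `now`.

    Lifetime check only; a real RP verifies the signature before this.
    """
    cond = ET.fromstring(assertion_xml).find("saml:Conditions", NS)
    if cond is None:
        return "valid"  # no validity window stated
    not_before = cond.get("NotBefore")
    not_on_or_after = cond.get("NotOnOrAfter")
    # The tolerance widens the window at both ends, so keep it small.
    if not_before and now + max_clock_skew < parse_instant(not_before):
        return "not-yet-valid"
    if not_on_or_after and now - max_clock_skew >= parse_instant(not_on_or_after):
        return "expired"
    return "valid"

def utc(h, m, s=0):
    """Build a UTC timestamp on the sample's date (helper for the demo)."""
    return datetime(2012, 3, 8, h, m, s, tzinfo=timezone.utc)

if __name__ == "__main__":
    five = timedelta(minutes=5)
    print(check_lifetime(SAMPLE, utc(9, 55, 10)))        # RP clock behind issuer
    print(check_lifetime(SAMPLE, utc(9, 55, 10), five))  # same, with tolerance
    print(check_lifetime(SAMPLE, utc(18, 1)))            # RP clock ahead of issuer
    print(check_lifetime(SAMPLE, utc(18, 1), five))      # same, with tolerance
```

Synchronizing the clocks of the issuer and the relying party removes the need for a large tolerance; a wide skew setting also lengthens the time a captured token stays usable.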
All replies
Hi Rahul,
As far as I know, the ADFS token is not related to the client machine's time. Your ADFS token lifetime is 8 hours; this token lifetime is decided by the ADFS server machine's time, and if it was sent to the ACS service in time, your client will receive an ACS token. The ACS token is available within your ACS lifetime (your ACS lifetime is 86400 seconds); if clients send the ACS token to the RP in the ACS lifetime, your application will work fine.
Hope it can help you.
Friday, March 9, 2012 3:45 AM -
Hi Arwind,
Thanks for your reply. Can you please explain this in more detail: "if clients sends ACS token to RP in ACS lifetime, your application will work fine".
Thanks
Rahul
Friday, March 9, 2012 4:27 AM -