Angela Craghead

Delayed SSO message and server time-stamp settings

We are setting up a new app with CWT via a SAML 2.0 connection. One of the settings that they ask their customers to set is:

Time-to-Live - To compensate for the inevitable server system clock skew, despite the use of NTP, and to compensate for the inevitable network latency in delivering an SSO message across the Internet, a time window of +/- 3 minutes or more will avoid situations where the SSO message arrives with an invalid timestamp (either too early or too late).

Has anyone set something like this before? If so, how did you do it?
Best Answer chosen by Niki (Okta, Inc.) 
Gabriel Sroka (Okta, Inc.)
Hi Angela,
The SAML Wizard sets the time to +/- 5 minutes. Are you using the SAML Wizard? Or OAN?

You can take a look at the SAML we generate (for example, using SAML Tracer) and check out the <Conditions> element. This assertion was generated at 16:07:

<saml2:Conditions NotBefore="2016-08-04T16:02:47.008Z" NotOnOrAfter="2016-08-04T16:12:47.008Z ...

Thanks,

Gabriel Sroka
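
The validity-window check a service provider applies to the <Conditions> element quoted in the answer above, as an added example that is not part of the original thread and is not Okta's or CWT's code. The sample element is constructed from the two timestamps in the answer; the function names and the `skew` parameter are assumptions.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed sample: only the two timestamps come from the answer above;
# the namespace declaration and element close are added so it parses.
SAMPLE = (
    '<saml2:Conditions xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" '
    'NotBefore="2016-08-04T16:02:47.008Z" '
    'NotOnOrAfter="2016-08-04T16:12:47.008Z"/>'
)

def parse_instant(value):
    """Parse a SAML xs:dateTime in UTC ('Z' suffix, optional fraction)."""
    fmt = "%Y-%m-%dT%H:%M:%S.%fZ" if "." in value else "%Y-%m-%dT%H:%M:%SZ"
    return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)

def check_conditions(xml_text, now, skew=timedelta(0)):
    """Return 'valid', 'not_yet_valid' or 'expired' for the SP clock `now`.

    `skew` is extra tolerance the SP adds on both ends of the window.
    """
    # A real SP verifies the assertion signature before trusting these values.
    cond = ET.fromstring(xml_text)
    if cond.tag != f"{{{SAML_NS}}}Conditions":
        raise ValueError("not a SAML 2.0 Conditions element")
    not_before = cond.get("NotBefore")
    not_on_or_after = cond.get("NotOnOrAfter")
    if not_before and now + skew < parse_instant(not_before):
        return "not_yet_valid"
    # NotOnOrAfter is exclusive: the assertion is invalid at that instant.
    if not_on_or_after and now - skew >= parse_instant(not_on_or_after):
        return "expired"
    return "valid"

def window_minutes(xml_text):
    """Total length of the NotBefore..NotOnOrAfter window, in minutes."""
    cond = ET.fromstring(xml_text)
    start = parse_instant(cond.get("NotBefore"))
    return (parse_instant(cond.get("NotOnOrAfter")) - start).total_seconds() / 60
```

With the sample above, an SP clock up to 5 minutes off in either direction still accepts the assertion with no extra tolerance configured, which covers the +/- 3 minutes the vendor asks for.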

Angela Craghead
Hello Gabriel,

I used the SAML wizard to configure. I was concerned this was a field that had to be set in the background. I will take a look at the assertion.

Thank you!!
Angela