<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D50Z00008G7V7ISAVOkta Classic EngineOkta Integration NetworkAnswered2024-04-17T11:09:23.000Z2016-08-04T12:43:30.000Z2018-08-12T04:16:09.000Z

qsldk (qsldk) asked a question.

Edited by varun.kavoori1.5210444522562532E12 September 5, 2018 at 1:19 AM
Delayed SSO message and server time-stamp settings
We are setting up a new app with CWT via a SAML 2.0 connection. One of the settings that they ask their customers to set is:

 

Time-to-Live - To compensate for the inevitable server system clock skew, despite the use of NTP, and to compensate for the inevitable network latency in delivering an SSO message across the Internet, a time window of +/- 3 minutes or more will avoid situations where the SSO message arrives with an invalid timestamp (either too early or too late).

 

Has anyone set something like this before? If so, how did you do it?
  • 2 answers
  • 2.35K views

  • gabriel.sroka1.4374539321839353E12 (Okta, Inc.)

    Hi Angela,

    The SAML Wizard sets the time to +/- 5 minutes. Are you using the SAML Wizard? Or OAN?

     

    You can take a look at the SAML we generate (for example, using SAML Tracer) and check out the <Conditions> element. This assertion was generated at 16:07:

     

    <saml2:Conditions NotBefore="2016-08-04T16:02:47.008Z" NotOnOrAfter="2016-08-04T16:12:47.008Z ...

     

    Thanks,

     

    Gabriel Sroka
    Expand Post
    Selected as Best

  • gabriel.sroka1.4374539321839353E12 (Okta, Inc.)

    Hi Angela,

    The SAML Wizard sets the time to +/- 5 minutes. Are you using the SAML Wizard? Or OAN?

     

    You can take a look at the SAML we generate (for example, using SAML Tracer) and check out the <Conditions> element. This assertion was generated at 16:07:

     

    <saml2:Conditions NotBefore="2016-08-04T16:02:47.008Z" NotOnOrAfter="2016-08-04T16:12:47.008Z ...

     

    Thanks,

     

    Gabriel Sroka
    Expand Post
    Selected as Best

  • qsldk (qsldk)

    Hello Gabriel,

     

    I used the SAML wizard to configure. I was concerned this was a field that had to be set in the background. I will take a look at the assertion.

     

    Thank you!!

    Angela
    Expand Post
This question is closed.
Loading
Delayed SSO message and server time-stamp settings