
AZURE AD SAML Login Error for APIGEE API portal

We have enabled SAML login for our API portal with AZURE SSO. We are getting this error: "Response doesn't have any valid assertion. Authentication Statement is too old to be used. Please re-login to your Identity Provider"
How can we get rid of this error without clearing cookies, caches and browser history? We do not want to re-authenticate when there is already an active session for Azure AD.


The error message seems pretty helpful. It's telling you the Authentication statement is too old. What is the test for "too old"? We don't know that.

If I were you I would try using this tool: https://chromewebstore.google.com/detail/saml-tracer/mpdajninpobndbfcldcmbpnnbhibjmch?hl=en&pli=1

...to examine the SAML exchange between the browser, the IDP and the SP (API portal). 

That should allow you to see the SAML transactions. You can then examine the expiry on the Assertion and maybe track down why you are getting that "too old" message.

You said "for our API portal". Is that a Drupal portal? If so, that means it runs on a server that you, at least somewhat, control. In that case, the other thing to check is clock skew. If the server that runs your Drupal portal has a clock that is not correctly managed, then it can have a time that is ... some time in the future (or the past?). In which case it will reject the timestamp on a perfectly valid SAML Assertion.
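
Once the SAMLResponse value has been captured with the tracer, its timestamps can be compared against the portal server's clock to separate the two causes discussed above: an authentication timestamp that really is old, or a skewed SP clock. The script below is an added example, not code from this thread or from Apigee. It assumes the HTTP-POST binding (plain base64) and an unencrypted assertion; `max_authn_age` and `skew` are hypothetical parameters, since the portal's actual "too old" threshold is not known.

```python
import base64
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def parse_ts(value):
    """Parse a SAML xs:dateTime in UTC, with or without fractional seconds."""
    head, _, frac = value.rstrip("Z").partition(".")
    ts = datetime.strptime(head, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)
    return ts + timedelta(seconds=float("0." + frac)) if frac else ts

def check_timestamps(saml_response_b64, sp_now, max_authn_age, skew=timedelta(0)):
    """Diagnostic only: no signature check, so never use this for trust decisions."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    stmt = root.find(".//saml:AuthnStatement", NS)
    cond = root.find(".//saml:Conditions", NS)
    if stmt is None or cond is None:
        raise ValueError("no AuthnStatement/Conditions found (encrypted assertion?)")
    authn = parse_ts(stmt.get("AuthnInstant"))
    findings = []
    if sp_now - authn > max_authn_age + skew:
        findings.append("authn_too_old")      # AuthnInstant older than the SP allows
    if authn > sp_now + skew:
        findings.append("authn_in_future")    # SP clock is behind the IdP
    nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if nb and parse_ts(nb) > sp_now + skew:
        findings.append("not_yet_valid")      # SP clock is behind the IdP
    if noa and parse_ts(noa) <= sp_now - skew:
        findings.append("expired")            # stale assertion or SP clock ahead
    return sp_now - authn, findings

def build_sample(authn_instant, not_before, not_on_or_after):
    """Constructed, unsigned sample shaped like a decoded SAMLResponse POST value."""
    xml = (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
        f'<saml:Conditions NotBefore="{not_before}" NotOnOrAfter="{not_on_or_after}"/>'
        f'<saml:AuthnStatement AuthnInstant="{authn_instant}"/>'
        '</saml:Assertion></samlp:Response>'
    )
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    # Constructed case: assertion issued at 12:00 for an IdP session that began at 08:00.
    sample = build_sample("2024-05-01T08:00:00.123Z", "2024-05-01T11:55:00Z", "2024-05-01T13:00:00Z")
    now = datetime(2024, 5, 1, 12, 0, 5, tzinfo=timezone.utc)
    print(check_timestamps(sample, now, max_authn_age=timedelta(hours=2)))
    # Same assertion as seen by an SP whose clock runs 90 minutes fast.
    print(check_timestamps(sample, now + timedelta(minutes=90), timedelta(hours=8)))
```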