Today, on a site (ASP.NET MVC) where we have implemented ComponentSpace as a Service Provider, we discovered a situation where people were unable to log in. Clicking the SP-Initiated login button results in waiting indefinitely and not connecting to the IdP. Clicking the IdP-Initiated login also hangs indefinitely.
It seems like the IdP-Initiated login creates the following error log:
Error during SSO Login :: The SAML assertion is outside the valid time period.
   at ComponentSpace.SAML2.InternalSAMLServiceProvider.CheckWithinTimePeriod(SAMLAssertion samlAssertion) in C:\Sandboxes\ComponentSpace\SAMLv20\Library\InternalSAMLServiceProvider.cs:line 581
   at ComponentSpace.SAML2.InternalSAMLServiceProvider.ProcessSAMLAssertion(SAMLAssertion samlAssertion, String& authnContext, String& userName, SAMLAttribute[]& attributes) in C:\Sandboxes\ComponentSpace\SAMLv20\Library\InternalSAMLServiceProvider.cs:line 717
   at ComponentSpace.SAML2.InternalSAMLServiceProvider.ReceiveSSO(HttpRequestBase httpRequest, Boolean& isInResponseTo, String& partnerIdP, String& authnContext, String& userName, SAMLAttribute[]& attributes, String& relayState) in C:\Sandboxes\ComponentSpace\SAMLv20\Library\InternalSAMLServiceProvider.cs:line 1081
No code or configuration changes were made on the site until we were trying to diagnose the problem. I made a change based on another forum entry but that only resulted in the XML in the saml.config being invalid.
SP-Initiated Login does not make any sort of log entries; it just hangs forever (or a long enough time that I eventually just cancel the request).
Edit:
We also restarted the application pool, site, IIS and server in that order over the course of the day and the same issue is occurring.
Hi Matt,
SAML assertions include NotBefore and NotOnOrAfter fields. We check that the current time is within this interval. If it isn’t, we throw the exception you’re seeing.
Please ensure the time on your server is correct. Also, ask the IdP to check the time on their server.
If there’s still an issue, please enable SAML trace and send the generated log file as an email attachment to support@componentspace.com mentioning your forum post.
https://www.componentspace.com/Forums/17/Enabing-SAML-Trace
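The NotBefore / NotOnOrAfter check described in the reply above, as an added diagnostic example that is not part of the thread and is not ComponentSpace's code: it decodes a captured base64 SAML response and reports how far a given clock reading lies outside the assertion's validity window. The sample response, the function names and the `skew` parameter are assumptions of this example.

```python
import base64
import re
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

CONDITIONS = "{urn:oasis:names:tc:SAML:2.0:assertion}Conditions"

# Constructed sample response (unsigned, trimmed); not taken from the thread.
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion ID="_example" Version="2.0" IssueInstant="2024-05-01T10:00:00Z">
    <saml:Conditions NotBefore="2024-05-01T10:00:00.1234567Z"
                     NotOnOrAfter="2024-05-01T10:05:00Z"/>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()


def parse_instant(value):
    """Parse a SAML xs:dateTime; fractional seconds are dropped, no zone means UTC."""
    value = re.sub(r"\.\d+", "", value.strip()).replace("Z", "+00:00")
    parsed = datetime.fromisoformat(value)
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)


def check_window(response_b64, now, skew=timedelta(0)):
    """Compare `now` with the Conditions window of a captured, base64 SAML response.

    Diagnostic only: the signature is not verified, so use it on responses you
    captured yourself. `skew` is this example's own tolerance parameter.
    Returns (status, how far `now` lies outside the raw window).
    """
    root = ET.fromstring(base64.b64decode(response_b64))
    cond = next(root.iter(CONDITIONS), None)
    if cond is None:
        return ("no_conditions", timedelta(0))
    not_before = cond.get("NotBefore")
    not_on_or_after = cond.get("NotOnOrAfter")
    # NotBefore is inclusive, NotOnOrAfter is exclusive.
    if not_before and now + skew < parse_instant(not_before):
        return ("not_yet_valid", parse_instant(not_before) - now)
    if not_on_or_after and now - skew >= parse_instant(not_on_or_after):
        return ("expired", now - parse_instant(not_on_or_after))
    return ("valid", timedelta(0))


if __name__ == "__main__":
    print(check_window(SAMPLE_B64, datetime.now(timezone.utc)))
```

A `not_yet_valid` result suggests the SP clock is behind the IdP's (or the IdP's is ahead), while `expired` on a freshly issued response suggests the opposite; the returned offset indicates roughly how large the difference is.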