[cisco-voip] Error Processing SAML Response

Matthew Loraditch MLoraditch at heliontechnologies.com
Thu Sep 16 18:36:32 EDT 2021


The logs are pretty clear when it's a time difference as the error. I’ve not seen it randomly occur but definitely the error will be it’s time and may even show the difference.

It's the 4j log file for sso I believe

________________________________

Matthew Loraditch
Sr. Network Engineer
(He/Him/His)
p: 443.541.1518
w: www.heliontechnologies.com | e: MLoraditch at heliontechnologies.com
From: cisco-voip <cisco-voip-bounces at puck.nether.net> on behalf of Lelio Fulgenzi <lelio at uoguelph.ca>
Sent: Thursday, September 16, 2021 4:32:12 PM
To: Jonathan Charles <jonvoip at gmail.com>; Benjamin Turner <benmturner at hotmail.com>
Cc: cisco-voip at puck.nether.net <cisco-voip at puck.nether.net>
Subject: Re: [cisco-voip] Error Processing SAML Response




Have you been able to confirm the time difference?



I’m not trying to take their side of things, but if it’s minutes off, I wouldn’t doubt that’s possible. SSO is highly secure, right? A time difference might be enough to throw it off?



Here’s a reference:



https://support.pingidentity.com/s/article/Accounting-for-Time-Drift-Between-SAML-Endpoints50907







From: cisco-voip <cisco-voip-bounces at puck.nether.net> On Behalf Of Jonathan Charles
Sent: Thursday, September 16, 2021 6:23 PM
To: Benjamin Turner <benmturner at hotmail.com>
Cc: cisco-voip at puck.nether.net
Subject: Re: [cisco-voip] Error Processing SAML Response






No... TBH, I have never heard of it...



TAC is hyper-asserting that the issue is time mismatch between CUCM/CUC and ADFS...





Jonathan



On Thu, Sep 16, 2021 at 4:08 PM Benjamin Turner <benmturner at hotmail.com<mailto:benmturner at hotmail.com>> wrote:

Have you tried to run a SAML Tracer?



Sincerely,
Benjamin M. Turner

________________________________

From: cisco-voip <cisco-voip-bounces at puck.nether.net<mailto:cisco-voip-bounces at puck.nether.net>> on behalf of Jonathan Charles <jonvoip at gmail.com<mailto:jonvoip at gmail.com>>
Sent: Thursday, September 16, 2021 4:56:48 PM
To: cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net> <cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>>
Subject: [cisco-voip] Error Processing SAML Response



So, users are randomly getting the above error when logging into CUCM UCMUser or CUC Inbox... we are also getting it using AD credentials into admin pages for CUCM/CUC/etc.



For a user, it will work fine repeatedly, then you will get the error, close your browser, and reopen, still get the error for a few minutes. Then later it will work. When a user is affected, other users work fine.



TAC is saying it is an NTP issue, however, NTP between CUCM 12.5 and IdP (ADFS 2.0) is fine.



Pings are around 1ms between servers.



Any ideas?





Jonathan
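
The time-window check discussed in this thread, as an added example that is not part of the original messages and not code from Cisco, ADFS or Ping Identity: it decodes a base64 SAMLResponse (as captured from the browser's POST, for instance with SAML Tracer) and compares each NotBefore/NotOnOrAfter with the receiver's clock. The sample response, the clock values and the function names are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAML_NS = "{urn:oasis:names:tc:SAML:2.0:assertion}"

def parse_ts(value):
    # SAML uses UTC xs:dateTime values such as 2021-09-16T20:30:00.000Z
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def check_validity(saml_response_b64, receiver_now, allowed_skew=timedelta(0)):
    """Compare every NotBefore/NotOnOrAfter in a POST-binding SAMLResponse with
    the receiver's clock. Returns (element, status, seconds_off) tuples.
    Troubleshooting aid only: the signature is NOT verified here."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    results = []
    for tag in ("Conditions", "SubjectConfirmationData"):
        for el in root.iter(SAML_NS + tag):
            nb, noa = el.get("NotBefore"), el.get("NotOnOrAfter")
            if nb and receiver_now + allowed_skew < parse_ts(nb):
                off = (parse_ts(nb) - receiver_now).total_seconds()
                results.append((tag, "not_yet_valid", off))
            elif noa and receiver_now - allowed_skew >= parse_ts(noa):
                off = (receiver_now - parse_ts(noa)).total_seconds()
                results.append((tag, "expired", off))
            else:
                results.append((tag, "ok", 0.0))
    return results

# Constructed sample response (not taken from the thread).
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Subject><saml:SubjectConfirmation>
      <saml:SubjectConfirmationData NotOnOrAfter="2021-09-16T20:35:00.000Z"/>
    </saml:SubjectConfirmation></saml:Subject>
    <saml:Conditions NotBefore="2021-09-16T20:30:00.000Z"
                     NotOnOrAfter="2021-09-16T21:30:00.000Z"/>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()

# Constructed case: receiver clock is 2 seconds behind the issuer's clock.
RECEIVER_NOW = datetime(2021, 9, 16, 20, 29, 58, tzinfo=timezone.utc)

if __name__ == "__main__":
    for skew in (timedelta(0), timedelta(seconds=5)):
        print(skew, check_validity(SAMPLE_B64, RECEIVER_NOW, skew))
```

With zero tolerance the 2-second offset makes the assertion "not yet valid"; with a 5-second tolerance the same response passes.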





