<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8">

</head>

<body>

<div>

<div>

<div dir="ltr" style="color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);">

The logs are pretty clear when its a time difference as the error. I’ve not seen it randomly occur but definitely the error will be it’s time and may even show the difference. </div>

<div dir="ltr" style="color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);">

<br>

</div>

<div dir="ltr" style="color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);">

Its the 4j log file for sso I believe </div>

</div>

<div id="ms-outlook-mobile-signature">

<div><br>

</div>

Get <a href="https://aka.ms/o0ukef">Outlook for iOS</a></div>

</div>

<div dir="ltr" style="mso-line-height-rule:exactly;-webkit-text-size-adjust:100%;direction:ltr;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%;"><tr style="font-size:0;"><td align="left" style="vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="font-size:0;"><tr style="font-size:0;"><td style="padding:0 10px 0 0;"> </td><td align="left" style="padding:10px 0 10px 10px;vertical-align:middle;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%;font-size:0;"><tr style="font-size:0;"><td align="left" style="vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="font-size:0;color:#F3800B;font-style:normal;font-weight:700;white-space:nowrap;"><tr style="font-size:14.67px;"><td align="left" style="vertical-align:top;font-family:Calibri,Arial,sans-serif;">Matthew Loraditch<span style="font-family:remialcxesans;font-size:1px;color:#FFFFFF;line-height:1px;"></span></td></tr></table></td></tr><tr style="font-size:0;"><td align="left" style="vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="font-size:0;color:#808080;font-style:normal;font-weight:700;white-space:nowrap;"><tr style="font-size:14.67px;"><td align="left" style="vertical-align:top;font-family:Calibri,Arial,sans-serif;">Sr. Network Engineer</td></tr><tr style="font-size:14.67px;"><td align="left" style="vertical-align:top;font-family:Calibri,Arial,sans-serif;">(He/Him/His)<br /></td></tr></table></td></tr><tr style="font-size:0;"><td align="left" style="vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="font-size:0;"><tr style="font-size:0;"><td align="left" style="padding:10px 0 0;vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="font-size:0;color:#808080;font-style:normal;font-weight:400;white-space:nowrap;"><tr style="font-size:14.67px;"><td align="left" style="vertical-align:top;font-family:Calibri,Arial,sans-serif;"><span style="color:#F3800B;">p:</span> <a href="tel:443.541.1518" target="_blank" id="LPlnk689713" style="text-decoration:none;color:#808080;"><strong style="font-weight:400;">443.541.1518</strong></a></td></tr></table></td></tr></table></td></tr><tr style="font-size:0;"><td align="left" style="vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="font-size:0;color:#808080;font-style:normal;font-weight:400;white-space:nowrap;"><tr style="font-size:14.67px;"><td align="left" style="vertical-align:top;font-family:Calibri,Arial,sans-serif;"><span style="color:#F3800B;">w:</span> <a href="http://www.heliontechnologies.com/" target="_blank" id="LPlnk689713" style="text-decoration:none;color:#808080;"><strong style="font-weight:400;">www.heliontechnologies.com</strong></a></td><td align="left" style="vertical-align:top;font-family:Calibri,Arial,sans-serif;"> | </td><td align="left" style="vertical-align:top;font-family:Calibri,Arial,sans-serif;"><span style="color:#F3800B;">e:</span> <a href="mailto:MLoraditch@heliontechnologies.com" target="_blank" id="LPlnk689713" style="text-decoration:none;color:#808080;"><strong style="font-weight:400;">MLoraditch@heliontechnologies.com</strong></a></td></tr></table></td></tr><tr style="font-size:0;"><td align="left" style="vertical-align:middle;"><table cellpadding="0" cellspacing="0" border="0" style="font-size:0;line-height:normal;"><tr style="font-size:0;"><td align="left" style="vertical-align:bottom;"><a href="http://www.heliontechnologies.com/" target="_blank" id="LPlnk689713" style="text-decoration:none;"><img src="cid:image657209.png@1EB9CA7A.E9B19642" width="300" height="75" border="0" title="Helion Technologies" alt="Helion Technologies" style="width:300px;min-width:300px;max-width:300px;height:75px;min-height:75px;max-height:75px;font-size:12px;" /></a></td></tr></table></td></tr><tr style="font-size:0;"><td align="left" style="vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%;font-size:0;"><tr style="font-size:0;"><td align="left" style="vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="font-size:0;"><tr style="font-size:0;"><td align="left" style="padding:10px 0;vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="font-size:0;"><tr style="font-size:0;"><td align="left" style="vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%;font-size:0;line-height:normal;"><tr style="font-size:0;"><td align="center" style="vertical-align:top;"><a href="https://facebook.com/heliontech" target="_blank" id="LPlnk689713" style="text-decoration:none;"><img src="cid:image487691.png@2563D92B.C15645F2" width="18" height="18" border="0" title="Facebook" alt="Facebook" style="width:18px;min-width:18px;max-width:18px;height:18px;min-height:18px;max-height:18px;font-size:12px;" /></a></td></tr></table></td><td align="left" style="vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%;font-size:0;line-height:normal;"><tr style="font-size:0;"><td align="center" style="padding:0 3px 0 0;vertical-align:top;"><a href="https://twitter.com/heliontech" target="_blank" id="LPlnk689713" style="text-decoration:none;"><img src="cid:image529913.png@611B5830.E75399EB" width="18" height="18" border="0" title="Twitter" alt="Twitter" style="width:18px;min-width:18px;max-width:18px;height:18px;min-height:18px;max-height:18px;font-size:12px;" /></a></td></tr></table></td><td align="left" style="vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%;font-size:0;line-height:normal;"><tr style="font-size:0;"><td align="center" style="padding:0 3px 0 0;vertical-align:top;"><a href="https://www.linkedin.com/company/helion-technologies" target="_blank" id="LPlnk689713" style="text-decoration:none;"><img src="cid:image776611.png@50E10B52.97DE23FF" width="18" height="18" border="0" title="LinkedIn" alt="LinkedIn" style="width:18px;min-width:18px;max-width:18px;height:18px;min-height:18px;max-height:18px;font-size:12px;" /></a></td></tr></table></td></tr></table></td></tr></table></td></tr></table></td></tr></table></td></tr></table></td></tr></table></div><hr style="display:inline-block;width:98%" tabindex="-1">

<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> cisco-voip <cisco-voip-bounces@puck.nether.net> on behalf of Lelio Fulgenzi <lelio@uoguelph.ca><br>

<b>Sent:</b> Thursday, September 16, 2021 4:32:12 PM<br>

<b>To:</b> Jonathan Charles <jonvoip@gmail.com>; Benjamin Turner <benmturner@hotmail.com><br>

<b>Cc:</b> cisco-voip@puck.nether.net <cisco-voip@puck.nether.net><br>

<b>Subject:</b> Re: [cisco-voip] Error Processing SAML Response</font>

<div> </div>

</div>

<style>

<!--

@font-face

        {font-family:"Cambria Math"}

@font-face

        {font-family:Calibri}

p.x_MsoNormal, li.x_MsoNormal, div.x_MsoNormal

        {margin:0in;

        font-size:11.0pt;

        font-family:"Calibri",sans-serif}

a:link, span.x_MsoHyperlink

        {color:blue;

        text-decoration:underline}

span.x_EmailStyle20

        {font-family:"Calibri",sans-serif;

        color:windowtext}

.x_MsoChpDefault

        {font-family:"Calibri",sans-serif}

@page WordSection1

        {margin:1.0in 1.0in 1.0in 1.0in}

div.x_WordSection1

        {}

-->

</style>

<div lang="EN-US" link="blue" vlink="purple" style="word-wrap:break-word">

<p></p>

<div style="background-color:#FFEB9C; width:100%; border-style:solid; border-color:#9C6500; border-width:1pt; padding:2pt; font-size:10pt; line-height:12pt; font-family:'Calibri'; color:Black; text-align:left">

<span style="color:#9C6500">[EXTERNAL]</span></div>

<br>

<p></p>

<div>

<div class="x_WordSection1">

<p class="x_MsoNormal">Have you been able to confirm the time difference?</p>

<p class="x_MsoNormal"> </p>

<p class="x_MsoNormal">I’m not trying to take their side of things, but if it’s minutes off, I wouldn’t doubt that’s possible. SSO is highly secure, right? A time difference might be enough to throw it off?</p>

<p class="x_MsoNormal"> </p>

<p class="x_MsoNormal">Here’s  reference:</p>

<p class="x_MsoNormal"> </p>

<p class="x_MsoNormal"><a href="https://support.pingidentity.com/s/article/Accounting-for-Time-Drift-Between-SAML-Endpoints50907">https://support.pingidentity.com/s/article/Accounting-for-Time-Drift-Between-SAML-Endpoints50907</a></p>

<p class="x_MsoNormal"> </p>

<p class="x_MsoNormal"> </p>

<p class="x_MsoNormal"> </p>

<div style="border:none; border-top:solid #E1E1E1 1.0pt; padding:3.0pt 0in 0in 0in">

<p class="x_MsoNormal"><b>From:</b> cisco-voip <cisco-voip-bounces@puck.nether.net>

<b>On Behalf Of </b>Jonathan Charles<br>

<b>Sent:</b> Thursday, September 16, 2021 6:23 PM<br>

<b>To:</b> Benjamin Turner <benmturner@hotmail.com><br>

<b>Cc:</b> cisco-voip@puck.nether.net<br>

<b>Subject:</b> Re: [cisco-voip] Error Processing SAML Response</p>

</div>

<p class="x_MsoNormal"> </p>

<div style="border:solid #9C6500 1.0pt; padding:2.0pt 2.0pt 2.0pt 2.0pt">

<p class="x_MsoNormal" style="line-height:12.0pt; background:#FFEB9C"><b><span style="font-size:10.0pt; color:black">CAUTION:</span></b><span style="font-size:10.0pt; color:black"> This email originated from outside of the University of Guelph. Do not click

 links or open attachments unless you recognize the sender and know the content is safe. If in doubt, forward suspicious emails to

<a href="mailto:IThelp@uoguelph.ca">IThelp@uoguelph.ca</a></span></p>

</div>

<p class="x_MsoNormal"> </p>

<div>

<p class="x_MsoNormal">No... TBH, I have never heard of it...</p>

<div>

<p class="x_MsoNormal"> </p>

</div>

<div>

<p class="x_MsoNormal">TAC is hyper-asserting that the issue is time mismatch between CUCM/CUC and ADFS... </p>

</div>

<div>

<p class="x_MsoNormal"> </p>

</div>

<div>

<p class="x_MsoNormal"> </p>

</div>

<div>

<p class="x_MsoNormal">Jonathan</p>

</div>

</div>

<p class="x_MsoNormal"> </p>

<div>

<div>

<p class="x_MsoNormal">On Thu, Sep 16, 2021 at 4:08 PM Benjamin Turner <<a href="mailto:benmturner@hotmail.com">benmturner@hotmail.com</a>> wrote:</p>

</div>

<blockquote style="border:none; border-left:solid #CCCCCC 1.0pt; padding:0in 0in 0in 6.0pt; margin-left:4.8pt; margin-right:0in">

<div>

<p class="x_MsoNormal">Have you tried to run a SAML Tracer? </p>

<div>

<p class="x_MsoNormal"> </p>

</div>

<div id="x_gmail-m_6287419307271280829ms-outlook-mobile-signature">

<p class="x_MsoNormal">Sincerely,<br>

Benjamin M. Turner</p>

</div>

<div class="x_MsoNormal" align="center" style="text-align:center">

<hr size="2" width="98%" align="center">

</div>

<div id="x_gmail-m_6287419307271280829divRplyFwdMsg">

<p class="x_MsoNormal"><b><span style="color:black">From:</span></b><span style="color:black"> cisco-voip <<a href="mailto:cisco-voip-bounces@puck.nether.net" target="_blank">cisco-voip-bounces@puck.nether.net</a>> on behalf of Jonathan Charles <<a href="mailto:jonvoip@gmail.com" target="_blank">jonvoip@gmail.com</a>><br>

<b>Sent:</b> Thursday, September 16, 2021 4:56:48 PM<br>

<b>To:</b> <a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a> <<a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a>><br>

<b>Subject:</b> [cisco-voip] Error Processing SAML Response</span> </p>

<div>

<p class="x_MsoNormal"> </p>

</div>

</div>

<div>

<div>

<p class="x_MsoNormal">So, users are randomly getting the above error when logging into CUCM UCMUser or CUC Inbox... we are also getting it using AD credentials into admin pages for CUCM/CUC/etc.

</p>

<div>

<p class="x_MsoNormal"> </p>

</div>

<div>

<p class="x_MsoNormal">For a user, it will work find repeatedly, then you will get the error, close your browser, and reopen, still get the error for a few minutes. Then later it will work. When a user is affected, other users work fine.</p>

<div>

<p class="x_MsoNormal"> </p>

</div>

<div>

<p class="x_MsoNormal">TAC is saying it is an NTP issue, however, NTP between CUCM 12.5 and IdP (ADFS 2.0) is fine.</p>

</div>

<div>

<p class="x_MsoNormal"> </p>

</div>

<div>

<p class="x_MsoNormal">Pings are around 1ms between servers.</p>

</div>

<div>

<p class="x_MsoNormal"> </p>

</div>

<div>

<p class="x_MsoNormal">Any ideas?</p>

</div>

<div>

<p class="x_MsoNormal"> </p>

</div>

<div>

<p class="x_MsoNormal"> </p>

</div>

<div>

<p class="x_MsoNormal">Jonathan</p>

</div>

<div>

<p class="x_MsoNormal"> </p>

</div>

<div>

<p class="x_MsoNormal"> </p>

</div>

<div>

<p class="x_MsoNormal"> </p>

</div>

</div>

</div>

</div>

</div>

</blockquote>

</div>

</div>

</div>

</div>

</body>

</html>