<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div dir="ltr">Is one system observing Daylight Savings Time and the other is not?</div><div dir="ltr"><br><blockquote type="cite">On Sep 17, 2021, at 08:14, Jonathan Charles <jonvoip@gmail.com> wrote:<br><br></blockquote></div><blockquote type="cite"><div dir="ltr"><div dir="ltr">Here is another one that failed... but the timestamp is not off... <div><br></div><div>2021-09-15 16:06:26,226 DEBUG [http-nio-81-exec-4] fappend.SamlLogger - SAML2Utils.checkConditions: NotOnOrAfter Condition = Wed Sep 15 22:06:26 UTC 2021<br><br>2021-09-15 <span style="background-color:rgb(255,0,0)">16:06:26,226</span> DEBUG [http-nio-81-exec-4] fappend.SamlLogger - SAML2Utils.checkConditions: NotBefore Condition = Wed Sep <span style="background-color:rgb(255,0,0)">15 21:06:26</span> UTC 2021<br><br>2021-09-15 16:06:26,226 DEBUG [http-nio-81-exec-4] fappend.SamlLogger - SAML2Utils.checkConditions: The assertion does not meet NotOnOrAfter or NotBefore condition.<br><br> <br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Sep 17, 2021 at 8:00 AM Jonathan Charles <<a href="mailto:jonvoip@gmail.com">jonvoip@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">The error message in the Cisco traces (SSO) is:<div><br></div><div><p class="MsoNormal">2021-09-15 16:07:43,791 DEBUG [http-nio-81-exec-22] fappend.SamlLogger - SAML2Utils.checkConditions: <span style="background:yellow">NotOnOrAfter Condition = Wed Sep 15 22:07:44 UTC 2021</span> <b><i><u>- this time is 17:07:44 CDT</u></i></b><u></u><u></u></p><p class="MsoNormal">2021-09-15 16:07:43,791 DEBUG [http-nio-81-exec-22] fappend.SamlLogger - SAML2Utils.checkConditions: <span style="background:yellow">NotBefore Condition = Wed Sep 15 21:07:44 UTC 2021</span> <b><i><u>- this time is 16:07:44 
CDT</u></i></b></p></div><div><br></div><div><div style="box-sizing:border-box;font-family:"Segoe UI",system-ui,"Apple Color Emoji","Segoe UI Emoji",sans-serif;font-size:14px">2021-09-15 15:25:10,642 ERROR [http-nio-81-exec-10] authentication.SAMLAuthenticator - Error while processing saml response The time in the Assertion's Condition is invalid.<br>
com.sun.identity.saml2.common.SAML2Exception: The time in the Assertion's Condition is invalid.</div></div><div style="box-sizing:border-box;font-family:"Segoe UI",system-ui,"Apple Color Emoji","Segoe UI Emoji",sans-serif;font-size:14px"><br></div><div style="box-sizing:border-box;font-family:"Segoe UI",system-ui,"Apple Color Emoji","Segoe UI Emoji",sans-serif;font-size:14px">Basically what appears to be occurring is we get a NotBefore of 1 second after our request came in (16:07:43) and it gets killed....</div><div style="box-sizing:border-box;font-family:"Segoe UI",system-ui,"Apple Color Emoji","Segoe UI Emoji",sans-serif;font-size:14px"><br></div><div style="box-sizing:border-box;font-family:"Segoe UI",system-ui,"Apple Color Emoji","Segoe UI Emoji",sans-serif;font-size:14px">The real question is what they need to do on the ADFS side to fix this... why are they sending us a time in the future? The argument is NTP is off by one second for one of the servers (all of them show synched)...</div><div style="box-sizing:border-box;font-family:"Segoe UI",system-ui,"Apple Color Emoji","Segoe UI Emoji",sans-serif;font-size:14px"><br></div><div style="box-sizing:border-box;font-family:"Segoe UI",system-ui,"Apple Color Emoji","Segoe UI Emoji",sans-serif;font-size:14px"><br></div><div style="box-sizing:border-box;font-family:"Segoe UI",system-ui,"Apple Color Emoji","Segoe UI Emoji",sans-serif;font-size:14px">Jonathan</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Sep 16, 2021 at 8:29 PM Kent Roberts <<a href="mailto:kent@fredf.org" target="_blank">kent@fredf.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div>Oh, ok if I mis-understood then, yes a SAML trace would be good, as well as knowing is this new or did it work. 
Seems similar to what I have seen in UCCE with the packet stuff not signed or wrong encryption type… course that's UCCE vs CUCM, but usually cucm just works…<div><br><div><br><blockquote type="cite"><div>On Sep 16, 2021, at 6:45 PM, Johnson, Tim <<a href="mailto:johns10t@cmich.edu" target="_blank">johns10t@cmich.edu</a>> wrote:</div><br><div><div style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none"><div style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif">Nah, looks like he said logging into CCM Admin pages, with AD accounts, so all areas of the web UI (I believe). The NTP errors that I’ve seen are presented as SAML assertion errors.<u></u><u></u></div><div style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif"><u></u> <u></u></div><div style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif">I’m curious if this is a new SSO config, or if it was working properly and something’s changed.<u></u><u></u></div><div style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif"><u></u> <u></u></div><div><div style="border-style:solid none none;border-top-width:1pt;border-top-color:rgb(225,225,225);padding:3pt 0in 0in"><div style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif"><b>From:</b><span> </span>cisco-voip <<a href="mailto:cisco-voip-bounces@puck.nether.net" style="color:blue;text-decoration:underline" target="_blank">cisco-voip-bounces@puck.nether.net</a>><span> </span><b>On Behalf Of<span> </span></b>Kent Roberts<br><b>Sent:</b><span> </span>Thursday, September 16, 2021 8:37 PM<br><b>To:</b><span> </span>Matthew Loraditch <<a href="mailto:MLoraditch@heliontechnologies.com" style="color:blue;text-decoration:underline" target="_blank">MLoraditch@heliontechnologies.com</a>><br><b>Cc:</b><span> </span><a 
href="mailto:cisco-voip@puck.nether.net" style="color:blue;text-decoration:underline" target="_blank">cisco-voip@puck.nether.net</a><br><b>Subject:</b><span> </span>[External] Re: [cisco-voip] Error Processing SAML Response<u></u><u></u></div></div></div><div style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif"><u></u> <u></u></div><div style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif">Remember he said it also was happening on the CUCM Admin account which has nothing to do with SSO/SAML. So means it's most likely internal to cucm...<u></u><u></u></div><div><div style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif"><br><br><u></u><u></u></div><blockquote style="margin-top:5pt;margin-bottom:5pt"><div><div style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif">On Sep 16, 2021, at 4:36 PM, Matthew Loraditch <<a href="mailto:MLoraditch@heliontechnologies.com" style="color:blue;text-decoration:underline" target="_blank">MLoraditch@heliontechnologies.com</a>> wrote:<u></u><u></u></div></div><div style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif"><u></u> <u></u></div><div><div><div><div><div style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif;background-color:white"><span style="font-size:9pt;font-family:Helvetica,sans-serif">The logs are pretty clear when it’s a time difference as the error. I’ve not seen it randomly occur but definitely the error will be it’s time and may even show the difference. 
</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif;background-color:white"><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u> <u></u></span></div></div><div><div style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif;background-color:white"><span style="font-size:9pt;font-family:Helvetica,sans-serif">It’s the 4j log file for sso I believe </span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div></div></div><div class="MsoNormal" align="center" style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif;text-align:center"><hr size="2" width="915" align="center" style="width:686.5pt"></div><div id="gmail-m_-8384251600792763922gmail-m_8328105353242076105divRplyFwdMsg"><div style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif"><b>From:</b><span> </span>cisco-voip <<a href="mailto:cisco-voip-bounces@puck.nether.net" style="color:blue;text-decoration:underline" target="_blank">cisco-voip-bounces@puck.nether.net</a>> on behalf of Lelio Fulgenzi <<a href="mailto:lelio@uoguelph.ca" style="color:blue;text-decoration:underline" target="_blank">lelio@uoguelph.ca</a>><br><b>Sent:</b><span> </span>Thursday, September 16, 2021 4:32:12 PM<br><b>To:</b><span> </span>Jonathan Charles <<a 
href="mailto:jonvoip@gmail.com" style="color:blue;text-decoration:underline" target="_blank">jonvoip@gmail.com</a>>; Benjamin Turner <<a href="mailto:benmturner@hotmail.com" style="color:blue;text-decoration:underline" target="_blank">benmturner@hotmail.com</a>><br><b>Cc:</b><span> </span><a href="mailto:cisco-voip@puck.nether.net" style="color:blue;text-decoration:underline" target="_blank">cisco-voip@puck.nether.net</a><span> </span><<a href="mailto:cisco-voip@puck.nether.net" style="color:blue;text-decoration:underline" target="_blank">cisco-voip@puck.nether.net</a>><br><b>Subject:</b><span> </span>Re: [cisco-voip] Error Processing SAML Response<span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div><div><div style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div></div><div><div><div style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u> <u></u></span></div></div><div style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u> <u></u></span></div><div><div style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u> <u></u></span></div></div><div><div><div><div style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif">Have you been able to confirm the time difference?<u></u><u></u></div></div><div style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif"> <u></u><u></u></div><div><div 
style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif">I’m not trying to take their side of things, but if it’s minutes off, I wouldn’t doubt that’s possible. SSO is highly secure, right? A time difference might be enough to throw it off?<u></u><u></u></div></div><div style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif"> <u></u><u></u></div><div><div style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif">Here’s reference:<u></u><u></u></div></div><div style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif"> <u></u><u></u></div><div><div style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif"><a href="https://support.pingidentity.com/s/article/Accounting-for-Time-Drift-Between-SAML-Endpoints50907" style="color:blue;text-decoration:underline" target="_blank">https://support.pingidentity.com/s/article/Accounting-for-Time-Drift-Between-SAML-Endpoints50907</a><u></u><u></u></div></div><div style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif"> <u></u><u></u></div><div style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif"> <u></u><u></u></div><div style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif"> <u></u><u></u></div><div style="border-style:solid none none;border-top-width:1pt;border-top-color:rgb(225,225,225);padding:3pt 0in 0in"><div><div style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif"><b>From:</b><span> </span>cisco-voip <<a href="mailto:cisco-voip-bounces@puck.nether.net" style="color:blue;text-decoration:underline" target="_blank">cisco-voip-bounces@puck.nether.net</a>><span> </span><b>On Behalf Of<span> </span></b>Jonathan Charles<br><b>Sent:</b><span> </span>Thursday, September 16, 2021 6:23 PM<br><b>To:</b><span> </span>Benjamin Turner <<a href="mailto:benmturner@hotmail.com" style="color:blue;text-decoration:underline" target="_blank">benmturner@hotmail.com</a>><br><b>Cc:</b><span> </span><a href="mailto:cisco-voip@puck.nether.net" 
style="color:blue;text-decoration:underline" target="_blank">cisco-voip@puck.nether.net</a><br><b>Subject:</b><span> </span>Re: [cisco-voip] Error Processing SAML Response<u></u><u></u></div></div></div><div style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif"> <u></u><u></u></div><div style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif"> <u></u><u></u></div><div><div><div style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif">No... TBH, I have never heard of it...<u></u><u></u></div></div><div><div style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif"> <u></u><u></u></div></div><div><div><div style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif">TAC is hyper-asserting that the issue is time mismatch between CUCM/CUC and ADFS... 
<u></u><u></u></div></div></div><div><div style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif"> <u></u><u></u></div></div><div><div style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif"> <u></u><u></u></div></div><div><div><div style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif">Jonathan<u></u><u></u></div></div></div></div><div style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif"> <u></u><u></u></div><div><div><div><div style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif">On Thu, Sep 16, 2021 at 4:08 PM Benjamin Turner <<a href="mailto:benmturner@hotmail.com" style="color:blue;text-decoration:underline" target="_blank">benmturner@hotmail.com</a>> wrote:<u></u><u></u></div></div></div><blockquote style="border-style:none none none solid;border-left-width:1pt;border-left-color:rgb(204,204,204);padding:0in 0in 0in 6pt;margin:5pt 0in 5pt 4.8pt"><div><div><div style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif">Have you tried to run a SAML Tracer?<span> </span><u></u><u></u></div></div><div><div style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif"> <u></u><u></u></div></div><div id="gmail-m_-8384251600792763922gmail-m_8328105353242076105x_gmail-m_6287419307271280829ms-outlook-mobile-signature"><div><div style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif">Sincerely,<br>Benjamin M. 
Turner<u></u><u></u></div></div></div><div class="MsoNormal" align="center" style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif;text-align:center"><hr size="2" width="98%" align="center"></div><div id="gmail-m_-8384251600792763922gmail-m_8328105353242076105x_gmail-m_6287419307271280829divRplyFwdMsg"><div><div style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif"><b>From:</b><span> </span>cisco-voip <<a href="mailto:cisco-voip-bounces@puck.nether.net" style="color:blue;text-decoration:underline" target="_blank">cisco-voip-bounces@puck.nether.net</a>> on behalf of Jonathan Charles <<a href="mailto:jonvoip@gmail.com" style="color:blue;text-decoration:underline" target="_blank">jonvoip@gmail.com</a>><br><b>Sent:</b><span> </span>Thursday, September 16, 2021 4:56:48 PM<br><b>To:</b><span> </span><a href="mailto:cisco-voip@puck.nether.net" style="color:blue;text-decoration:underline" target="_blank">cisco-voip@puck.nether.net</a><span> </span><<a href="mailto:cisco-voip@puck.nether.net" style="color:blue;text-decoration:underline" target="_blank">cisco-voip@puck.nether.net</a>><br><b>Subject:</b><span> </span>[cisco-voip] Error Processing SAML Response<u></u><u></u></div></div><div><div style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif"> <u></u><u></u></div></div></div><div><div><div><div style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif">So, users are randomly getting the above error when logging into CUCM UCMUser or CUC Inbox... we are also getting it using AD credentials into admin pages for CUCM/CUC/etc.<u></u><u></u></div></div><div><div style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif"> <u></u><u></u></div></div><div><div><div style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif">For a user, it will work fine repeatedly, then you will get the error, close your browser, and reopen, still get the error for a few minutes. Then later it will work. 
When a user is affected, other users work fine.<u></u><u></u></div></div><div><div style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif"> <u></u><u></u></div></div><div><div><div style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif">TAC is saying it is an NTP issue, however, NTP between CUCM 12.5 and IdP (ADFS 2.0) is fine.<u></u><u></u></div></div></div><div><div style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif"> <u></u><u></u></div></div><div><div><div style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif">Pings are around 1ms between servers.<u></u><u></u></div></div></div><div><div style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif"> <u></u><u></u></div></div><div><div><div style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif">Any ideas?<u></u><u></u></div></div></div><div><div style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif"> <u></u><u></u></div></div><div><div style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif"> <u></u><u></u></div></div><div><div><div style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif">Jonathan<u></u><u></u></div></div></div><div><div style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif"> <u></u><u></u></div></div><div><div style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif"> <u></u><u></u></div></div><div><div style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif"> <u></u><u></u></div></div></div></div></div></div></blockquote></div></div></div></div><div style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">_______________________________________________<br>cisco-voip mailing list<br><a href="mailto:cisco-voip@puck.nether.net" style="color:blue;text-decoration:underline" target="_blank">cisco-voip@puck.nether.net</a><br><a href="https://puck.nether.net/mailman/listinfo/cisco-voip" style="color:blue;text-decoration:underline" 
target="_blank">https://puck.nether.net/mailman/listinfo/cisco-voip</a></span></div></div></blockquote></div></div></div></blockquote></div><br></div></div>
</blockquote></div>
</blockquote></div>
</div></blockquote></body></html>