Received an assertion that is valid in the future. Check clock synchronization…

  • Dwight
    # 2 months, 3 weeks ago

    I have set up miniOrange in a WordPress instance to allow users to authenticate through Azure AD redirect. This was working a couple of months ago, but sometime in the last few weeks, the plugin was disabled due to two instances using the same miniOrange license. I realized I needed to buy a new license because we were accidentally sharing the miniOrange license with another WordPress site. When I purchased another license and entered the new license information through a WordPress login, it was accepted, and the plugin appeared to be happy again. I signed out and successfully logged in through Azure AD, but when redirected back to my WordPress site, the plugin gave me the following error:

    “Received an assertion that is valid in the future. Check clock synchronization on IdP and SP.”

    One thing I did notice is that my license was bought at 1pm today, but shows a purchase time of 6pm. That could be because it is in UTC (no time zone is listed), but since this is a clock mismatch problem it seemed worth mentioning. I am not sure how to tell what the server time is on the Azure end, or the miniOrange end, but that seems like it is probably a red herring.

    Does anyone have any ideas how to go about fixing this?

    Gaurav Singh
    # 2 months, 3 weeks ago

    Hello Dwight,

    This error occurs when the SP tries to access the SAML Response at a time which was before the lower limit of the time constraint as specified in the response.
    This may occur when the IDP and SP clocks are out of sync.
    You needn’t worry about the server time at Azure AD’s or miniOrange’s end for this. Just make sure that the time of your WordPress site’s server is set properly.
    If this didn’t fix the issue, please send me the SAML request and response so that we can pinpoint the issue.

    Thanks.

    Dwight
    # 2 months, 3 weeks ago

    Do you have any idea how I would do that in DreamHost and/or DreamPress?

    Gaurav Singh
    # 2 months, 3 weeks ago

    The servers are usually synchronized with NTP, but occasionally NTP can fail, which needs to be fixed at DreamHost’s end. You would need to contact DreamHost support to fix it.
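
The "lower limit of the time constraint" discussed in this thread is the `NotBefore` attribute of the SAML `<Conditions>` element. The following is an added example, not part of the thread and not the miniOrange plugin's code: it compares an SP clock reading against that window and reports how far off it is. The function names, the `allowed_skew` parameter and the sample assertion are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: only the attributes the time check reads, not a real Azure AD response.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
  <saml:Conditions NotBefore="2024-01-01T11:55:00.000Z"
                   NotOnOrAfter="2024-01-01T13:00:00.000Z"/>
</saml:Assertion>"""


def parse_instant(value):
    """Parse a UTC SAML timestamp, with or without fractional seconds."""
    base, _, frac = value.rstrip("Z").partition(".")
    dt = datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)
    return dt + timedelta(microseconds=int((frac or "0")[:6].ljust(6, "0")))


def check_window(assertion_xml, sp_now, allowed_skew=timedelta(0)):
    """Return (status, offset) for the SP clock against the validity window."""
    # Diagnostic only: no signature validation, so use it on responses you captured yourself.
    cond = ET.fromstring(assertion_xml).find(".//saml:Conditions", NS)
    if cond is None:
        return ("no-conditions", timedelta(0))
    not_before = cond.get("NotBefore")
    not_on_or_after = cond.get("NotOnOrAfter")
    if not_before and sp_now + allowed_skew < parse_instant(not_before):
        return ("valid-in-future", parse_instant(not_before) - sp_now)
    if not_on_or_after and sp_now - allowed_skew >= parse_instant(not_on_or_after):
        return ("expired", sp_now - parse_instant(not_on_or_after))
    return ("ok", timedelta(0))


if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    print(now.isoformat(), check_window(SAMPLE_ASSERTION, now))
```

A "valid-in-future" result with a large offset points at the SP server's clock. A skew tolerance should stay small, because widening it also lengthens the period in which a captured assertion is accepted.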
