SAML portal - problem with federated access



A few days ago we detected a problem with federated access to the DigiCert SAML portal: after selecting the IdP and authenticating, we are sent back to the same IdP selection page instead of to the certificate request page.

This failure occurs randomly, and we may have to retry the access many times before getting in (we have had to try as many as 21 times).

The problem has been reported and the DigiCert team is working on it. They have told us:


I got word back that they are still checking into the accuracy of the server times which they believe is causing the issue. It sounds like they should be able to have this resolved within the next day or two if the error is in fact what they think it is.


From our logs, it appears the issue is primarily caused by a difference in the clocks and timestamps of assertions to and from the DigiCert SP. We increased the “grace” period for these time differences, but continued to see errors logging. At that point, it became clear there were either really large time differences (greater than 20 minutes, which is a huge deviation for computers to consistently have) or something else is causing an interpretation of a time difference which doesn’t exist. We’re investigating the second scenario currently, after confirming clock settings on our side are accurate and syncing to multiple, consistent, and reliable NTP servers.


As far as we have been able to verify, the problem appears to have been resolved as of 19:00. We are awaiting the official report.
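
The check the DigiCert message refers to, a service provider comparing an assertion's validity window against its own clock with a grace period, can be sketched as follows. This is an added example, not DigiCert's code; the sample assertion, the function names and the 3-minute default grace are constructed assumptions.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion fragment (not taken from the incident).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed" IssueInstant="2024-01-01T12:00:00Z" Version="2.0">
  <saml:Conditions NotBefore="2024-01-01T11:59:30Z"
                   NotOnOrAfter="2024-01-01T12:05:00Z"/>
</saml:Assertion>"""


def parse_instant(value):
    """Parse a SAML timestamp; refuse values with no zone instead of guessing one."""
    dt = datetime.fromisoformat(value.replace("Z", "+00:00"))
    if dt.tzinfo is None:
        raise ValueError(f"timestamp without time zone: {value!r}")
    return dt.astimezone(timezone.utc)


def check_conditions(assertion_xml, now, grace=timedelta(minutes=3)):
    """Return (verdict, gap): gap is how far `now` lies outside the raw window.

    Signature verification must happen before this step and is not shown.
    The 3-minute default grace is an assumed value for the example.
    """
    cond = ET.fromstring(assertion_xml).find("saml:Conditions", NS)
    if cond is None:
        raise ValueError("assertion has no Conditions element")
    not_before = parse_instant(cond.attrib["NotBefore"])
    not_on_or_after = parse_instant(cond.attrib["NotOnOrAfter"])
    if now + grace < not_before:
        return "not_yet_valid", not_before - now
    if now - grace >= not_on_or_after:
        return "expired", now - not_on_or_after
    return "valid", timedelta(0)


if __name__ == "__main__":
    issued = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    # Simulate an SP whose clock is ahead or behind by the given minutes.
    for skew in (-10, 0, 7, 8, 26):
        verdict, gap = check_conditions(SAMPLE, issued + timedelta(minutes=skew))
        print(f"SP clock {skew:+d} min -> {verdict} (outside window by {gap})")
```

Logging the gap for every rejected assertion shows whether rejections sit just past the grace boundary or far outside it, which is the distinction the DigiCert message draws.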