Authentication Timeout Results in 401 Error

You may encounter the following error when a user attempts to login:

{
  error: "Unauthorized",
  message: "Authentication Failed: Error validating SAML message",
  status: 401,
  timestamp: 1553109495710
}


This issue occurs because of a known issue in Spring. Spinnaker does not accept SAML tokens signed by a user who authenticated more than 2 hours ago even if your authentication system allows it.

For Armory Spinnaker versions 2.3.0 or later, you can set the maximum authentication age for Spinnaker to match the age you specify for your authentication system.

Configure the following property in your profiles/gate-local.yml file at the root level:

saml:
  maxAuthenticationAge: <time in seconds for authentication age timeout>
×

Subscribe

The latest tutorials sent straight to your inbox.