Shibboleth request timestamp issue

oliverorav · September 26, 2017, 7:44am

Trying to implement SSO with Shibboleth in our enterprise.
Ran into issue where our Microsoft SAML server refuses to accept the request sent by Rancher:
MSIS0018: The SAML protocol message cannot be read because it contains data that is not valid. --> System.FormatException: String was not recognized as a valid DateTime.

Seems that Rancher writes timestamp in more detail than Microsoft can handle. It looks like the reason may lay within the very nature of the DateTime-structure in .NET which is based on 100-nanosecond, but would it be possible to add configuration for the format of the timestamp?

cjellick · September 26, 2017, 4:34pm

Could you open an issue for this at: https://github.com/rancher/rancher/issues

I can’t promise we’ll get to this immediately, but that having it over there will help us assess and prioritize it.

oliverorav · September 27, 2017, 5:40am

Thank you.
For anybody else, I created the issue #9953.

Topic		Replies	Views
Shibboleth configuration problems, client timeout in the logs Rancher 1.x	0	819	November 10, 2017
Shibboleth & Rancher 2.8.0 Rancher	1	128	January 12, 2024
Authentication with unsupported SAML provider	2	898	February 21, 2019
Support for SAML via Shibboleth? Rancher	4	696	August 1, 2019
Rancher 1.6.12 Support with OneLogin IdP Rancher 1.x	1	1076	December 17, 2018

Shibboleth request timestamp issue

Related topics