Assertion Expired immediately on Multiple Audience Restrictions on RH-SSO With External IdP
Issue
- Seeing message in browser
Login timeout. Please login again.
-
server.log
shows the following error message:INFO [org.keycloak.saml.validators.ConditionsValidator] (default task-11) Assertion _0123456789abcef0123456789abcef is not addressed to this SP. ERROR [org.keycloak.broker.saml.SAMLEndpoint] (default task-11) Assertion expired. WARN [org.keycloak.events] (default task-11) type=IDENTITY_PROVIDER_RESPONSE_ERROR, realmId=XYZ, clientId=null, userId=null, ipAddress=10.0.0.204, error=invalid_saml_response
Environment
- Red Hat Single Sign-On (RH-SSO)
- 7
- SAML
- External IdP (Identity Provider)
- Successful redirection from IdP to RH-SSO server
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.