Details
Description
Problem Statement: I have a cluster where my IDP server and Hue server have a time difference of milliseconds, and because of this, when I try to log in via SAML I sometimes get this error:
[06/Oct/2020 15:00:14 +0000] response ERROR Exception on conditions: Can't use it yet 1601989214 <= 1601989220
[06/Oct/2020 15:00:14 +0000] client_base ERROR XML parse error: Can't use it yet 1601989214 <= 1601989220
[06/Oct/2020 15:00:14 +0000] views ERROR Error processing SAML Assertion.
. . . .
  File "/opt/cloudera/parcels/CDH-5.16.2-1.cdh5.16.2.p0.8/lib/hue/build/env/lib/python2.7/site-packages/pysaml2-4.4.0-py2.7.egg/saml2/validate.py", line 105, in validate_before
    raise ToEarly("Can't use it yet %d <= %d" % (now + slack, nbefore))
ToEarly: Can't use it yet 1601989214 <= 1601989220
The issue is as described in https://medium.com/@PrakhashS/saml-assertion-condition-notbefore-notonorafter-problem-due-to-unsynced-clocks-explained-90455bc8822f .
Pysaml allows configuring an accepted_time_diff (https://pysaml2.readthedocs.io/en/latest/howto/config.html#accepted-time-diff) to tackle this.
I want this value to be configured from hue.ini.
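The following is an added example, not code from Hue or pysaml2: a stand-alone model of the NotBefore/NotOnOrAfter check with a tolerance read from an INI fragment, replayed against the two timestamps in the log above. The `[libsaml]` section and `accepted_time_diff` option name in the sample INI, the 60-second cap, and the NotOnOrAfter value are assumptions; the cap is there because every second of tolerance also extends how long an expired assertion is still accepted.

```python
import calendar
import configparser
from datetime import datetime

MAX_SKEW = 60  # assumed upper bound in seconds; not a pysaml2 or Hue limit

# Constructed hue.ini fragment; section and option name are hypothetical.
SAMPLE_INI = """
[libsaml]
accepted_time_diff = 10
"""


def load_skew(ini_text, section="libsaml", option="accepted_time_diff"):
    """Read the tolerated clock skew in seconds; default 0, reject out-of-range."""
    cp = configparser.ConfigParser()
    cp.read_string(ini_text)
    skew = cp.getint(section, option, fallback=0)
    if not 0 <= skew <= MAX_SKEW:
        raise ValueError("accepted_time_diff out of range: %d" % skew)
    return skew


def to_epoch(ts):
    """Convert a SAML UTC timestamp (YYYY-MM-DDTHH:MM:SSZ) to epoch seconds."""
    return calendar.timegm(datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").timetuple())


def check_conditions(not_before, not_on_or_after, now, slack):
    """Model of the validity-window check with `slack` seconds of tolerance."""
    # Same comparison as in the traceback: reject while now + slack < NotBefore.
    if to_epoch(not_before) > now + slack:
        return "too early"
    # NotOnOrAfter is exclusive, so the assertion is expired at that instant.
    if now >= to_epoch(not_on_or_after) + slack:
        return "expired"
    return "valid"


# Values from the log: SP clock 1601989214, NotBefore 1601989220 (6 s ahead).
LOG_NOW = 1601989214
NOT_BEFORE = "2020-10-06T13:00:20Z"       # equals 1601989220
NOT_ON_OR_AFTER = "2020-10-06T13:05:20Z"  # constructed 5-minute window

if __name__ == "__main__":
    for slack in (0, load_skew(SAMPLE_INI)):
        print(slack, check_conditions(NOT_BEFORE, NOT_ON_OR_AFTER, LOG_NOW, slack))
```

With no tolerance the assertion from the log is rejected as too early; with 10 seconds it is accepted, and the same 10 seconds are added to the end of the validity window.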