1. 主页
  2. 支持
技术文章 - CS384761

登录 Windchill 时出现错误“opensaml::SecurityPolicyException: 消息已过期,发出时间太久”

已修改: 09-May-2024   


注意:本文已使用机器翻译软件翻译,以方便非英语客户阅读。但翻译内容可能包含语法错误或不准确之处。请注意, PTC对本文所含信息的翻译准确性及使用后果不承担任何责任。请在 此处 查看本文的英文原始版本以便参考。有关机器翻译的更多详情,请单击 此处
感谢您告诉我们。我们将尽快审阅此译文。

适用于

  • FlexPLM 12.0
  • Windchill PDMLink 12.0 to 13.0
  • Shibboleth Service Provider (Shibboleth SP)

说明

  • 登录 Windchill 时出现以下错误
  • opensaml::SecurityPolicyException at (https://xxxxx.xxxx.xxx/Shibboleth.sso/SAML2/POST)

Message expired, was issued too long ago
密码.jpg
  • opensaml::SecurityPolicyException at (https://xxxxx.xxxx.xxx/Shibboleth.sso/SAML2/POST)

Message rejected, was issued in the future
SSO问题
ShibbolethSP 日志报告以下错误:
Date && Time DEBUG OpenSAML.MessageDecoder.SAML2 [4] [default]: extracting issuer from SAML 2.0 protocol message
Date && Time DEBUG OpenSAML.MessageDecoder.SAML2 [4] [default]: message from (http://xxxxxx.xxxx.xxx/adfs/services/trust)
Date && Time DEBUG OpenSAML.MessageDecoder.SAML2 [4] [default]: searching metadata for message issuer...
Date && Time DEBUG OpenSAML.MessageDecoder.SAML2 [4] [default]: recovered request/response correlation value (_65bdb674957acc13c380be59678e2910)
Date && Time DEBUG OpenSAML.SecurityPolicyRule.MessageFlow [4] [default]: evaluating message flow policy (correlation off, replay checking on, expiration 60)
Date && Time WARN OpenSAML.SecurityPolicyRule.MessageFlow [4] [default]: rejected not-yet-valid message, timestamp (1688537531), newest allowed (1688537524)
Date && Time WARN Shibboleth.SSO.SAML2 [4] [default]: error processing incoming assertion: Message rejected, was issued in the future.
Date && Time DEBUG Shibboleth.Listener [4] [default]: dispatching message (default/SAML2/POST)
Date && Time DEBUG OpenSAML.MessageDecoder.SAML2POST [4] [default]: validating input
Date && Time DEBUG OpenSAML.MessageDecoder.SAML2POST [4] [default]: decoded SAML message:
<samlp:Response ID="_75acc64d-eaf5-4e67-97ac-d454f1f4b7df" Version="2.0" IssueInstant="2023-07-05T06:12:11.747Z" Destination=https://xxxxxx.xxxx.xxx/Shibboleth.sso/SAML2/POST Consent="urn:oasis:names:tc:SAML:2.0:consent:unspecified" InResponseTo="_65bdb674957acc13c380be59678e2910" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">......
这是文章 384761 的 PDF 版本,可能已过期。最新版本 CS384761