cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Community Tip - You can subscribe to a forum, label or individual post and receive email notifications when someone posts a new topic or reply. Learn more! X

Odd time limit exceed with SSO, e-signature and Shibboleth

Go to solution
avillanueva
22-Sapphire II
22-Sapphire II
‎Oct 16, 2024 04:25 PM
‎Oct 16, 2024 04:25 PM

Odd time limit exceed with SSO, e-signature and Shibboleth

In my testing I did not see this come up. When I went to complete an esigned workflow task, I was directed to the SSO popup to authenticate, put in my credentials and this came up. I cannot be certain if I sat too long on the page. Anyone seen this and know if this is an adjustment on the IDP side, a server time issue or user error. Odd part is that if I retried the signoff again, it completed normally. I saw this a few times, perhaps 50% but on retry it completed the task so I know the setup is correct. 

avillanueva_0-1729110105126.png

From what I can tell, Shibboleth is reporting error from what it got back from the IDP.

Labels:
0 Kudos
Notify Moderator
ACCEPTED SOLUTION

Accepted Solutions
avillanueva
22-Sapphire II
22-Sapphire II
(To:jbailey)
‎Oct 29, 2024 02:56 PM
‎Oct 29, 2024 02:56 PM

Found solution here:

https://www.ptc.com/en/support/article/CS359938?source=search

 

View solution in original post

0 Kudos
Notify Moderator
4 REPLIES 4
joe_morton
17-Peridot
17-Peridot
(To:avillanueva)
‎Oct 17, 2024 04:21 PM
‎Oct 17, 2024 04:21 PM

When we first implemented SSO, we had some issues related to the "SP Session Timeout" setting described here: https://www.ptc.com/en/support/article/CS367592?source=search

 

Not sure if that's related to what you're seeing or not. We had Creo users leaving Creo open an inactive for over an hour, so the default setting caused issues.

0 Kudos
Notify Moderator
avillanueva
22-Sapphire II
22-Sapphire II
(To:joe_morton)
‎Oct 22, 2024 07:24 AM
‎Oct 22, 2024 07:24 AM

I think this is more likely the cause. 

https://www.ptc.com/en/support/article/CS325329?source=search

There is another timeout related to the reauthsecure for esignature. Its currently at one second. I will try to make it 0 on the test server to see if I get the same message as production. If that is the case, it should be as simple as upping to 2. I doubt it takes decimals. I must have been right on the knife's edge were most of the time it was within a second and sometimes it ticked past. Makes sense why this is so short. Its just used briefly for validating signature and then poof, goes away, cleared for next time.

Notify Moderator
jbailey
17-Peridot
17-Peridot
(To:avillanueva)
‎Oct 28, 2024 01:31 PM
‎Oct 28, 2024 01:31 PM

For the reauthsecure, it should be long enough for the authentication to complete with the IdP and Windchill to get the user variable. Too low of a number and the session will be invalidated before the user variable can be fetched. Remember, the SSO reauth window session gets killed once the user variable is sent to Windchill anyway. That doesn't mean you should set it to 300000000, but more than 1 or 2 may be acceptable based on your infrastructure needs.

 

 

0 Kudos
Notify Moderator
avillanueva
22-Sapphire II
22-Sapphire II
(To:jbailey)
‎Oct 29, 2024 02:56 PM
‎Oct 29, 2024 02:56 PM

Found solution here:

https://www.ptc.com/en/support/article/CS359938?source=search

 

0 Kudos
Notify Moderator
Announcements


Contact Community Management
Top Tags