Authentication issue instant is too old or in the future
- The user’s session in the SSO provider is too old.
- The system clocks of the SSO provider and the Lenses instance are out of sync.
For security purposes, Lenses prevents authenticating SSO users that have remained logged in SSO for a very long time.
Example: You use Okta SSO and, you logged in to Okta a year ago. Okta might allow you to remain logged in along that year
without having to re-authenticate. Lenses has a limit of
100 days. In that case, Lenses will receive an authenticated user
that originally logged in before the 100 days mark.
- Ensure that the SSO and Lenses system clocks are in sync.
- If the SSO provider supports very long sessions either:
- Log out of the SSO and log back in. This explicitly renews the SSO session.
- Increase the Lenses limit to more than
lenses.security.saml.idp.session.lifetime.max = 365days
See all SSO options .