FAQs

Authentication instances too old or in the future

The error that you see

Authentication issue instant is too old or in the future

What causes it

1. The user’s session in the SSO provider is too old.

2. The system clocks of the SSO provider and the Lenses instance are out of sync.

For security purposes, Lenses prevents authenticating SSO users that have remained logged in SSO for a very long time.

Example: You use Okta SSO and, you logged in to Okta a year ago. Okta might allow you to remain logged in along that year without having to re-authenticate. Lenses has a limit of 100 days. In that case, Lenses will receive an authenticated user that originally logged in before the 100 days mark.

How to solve it

1. Ensure that the SSO and Lenses system clocks are in sync.

2. If the SSO provider supports very long sessions either:

   1. Log out of the SSO and log back in. This explicitly renews the SSO session.

   2. Increase the Lenses limit to more than 100 days.

Example:

lenses.security.saml.idp.session.lifetime.max = 365days