ID4223 Exception of type 'System.Web.HttpUnhandledException' was thrown. Authentication With Server Failed : ID4223: The SamlSecurityToken is rejected because the SamlAssertion.NotOnOrAfter condition is not satisfied.

Symptoms

When trying to open a form you receive the error: ID4223 - Exception of type 'System.Web.HttpUnhandledException' was thrown. Authentication With Server Failed : ID4223: The SamlSecurityToken is rejected because the SamlAssertion.NotOnOrAfter condition is not satisfied. NotOnOrAfter: :DateTime] Current Time: :DateTime]

Diagnoses

This error happens when the clock on the ADFS server and the clock on the machine hosting the website are not synchronized.

Resolution

1) Restart Windows Timer Service
2) Run w32tm /resync in a elevated command prompt
3) iisreset
4) Restart K2 server
5) Restart SQL Server

Disable connection pooling by adding <add key="Forms.UseConnectionPooling" value="false"/> to the configSections section of the web.config of the Designer, Runtime and Workflow sites.

OR
Extend the token lifetime of the bootstrap token to 9 hours (540 minutes) for example, which will cover a typical working day. Execute the following commands in Windows PowerShell on the environment hosting the AD FS service to change this:
Add-PSSnapin Microsoft.Adfs.PowerShell
Set-ADFSRelyingPartyTrust -Targetname "Designer" -TokenLifetime 540
Set-ADFSRelyingPartyTrust -Targetname "Workflow" -TokenLifetime 540
Set-ADFSRelyingPartyTrust -Targetname "Runtime" -TokenLifetime 5

Be the first to reply!

Reply

View our Community Site Map

Reply

View our Community Site Map

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded