+2
All of a sudden below error has appeared on opening the web designer. Any idea what could be the reason ?
Workspace is accessible, though its running under the same IIS site as Designer.
| Server ErrorID4223: The SamlSecurityToken is rejected because the SamlAssertion.NotOnOrAfter condition is not satisfied. NotOnOrAfter: '5/19/2014 4:06:20 PM' Current time: '5/19/2014 6:33:15 PM' |
| More Details |
+6
Hi Parul,
I have seen this error before, here are some suggestions:
1) Restart Windows Timer Service
2) Run w32tm /resync in a elevated command prompt
3) iisreset
4) Restart K2 server
5) Restart SQL Server
Disable connection pooling by adding <add key="Forms.UseConnectionPooling" value="false"/> to the configSections section of the web.config of the Designer, Runtime and Workflow sites.
OR
Extend the token lifetime of the bootstrap token to 9 hours (540 minutes) for example, which will cover a typical working day. Execute the following commands in die Windows PowerShell on the environment hosting the AD FS service to affect this:
Add-PSSnapin Microsoft.Adfs.PowerShell
Set-ADFSRelyingPartyTrust -Targetname "Designer" -TokenLifetime 540
Set-ADFSRelyingPartyTrust -Targetname "Workflow" -TokenLifetime 540
Set-ADFSRelyingPartyTrust -Targetname "Runtime" -TokenLifetime 5
Hopefully this helps.
Regards,
+2
Thanks Taariq Benn,
Looks the issue is with the bootstrap token life time.
Though I did all these steps yesterday, it was not working. But when I checked today morning it is working as it supposed to be.
1) Restart Windows Timer Service
2) Run w32tm /resync in a elevated command prompt
3) iisreset
4) Restart K2 server
5) Restart SQL Server
So it must be something with the token. I will follow the instructions to extend the token lifetime, if it occurs again.
Do you happan to have any link where I can find more information about how authentication works in K2 & about token lifetime.
Thanks !
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.