戻る
-
タイトル
Signing in via SSO using OIDC results in Error: "IDX10248: X509SecurityKey validation failed. The associated certificate is not yet valid." -
説明
It was observed that when signing in with a SSO solution via OpenID Connect (OIDC), the following error is presented:
"[Error] X509SecurityKey validation failed. The associated certificate is not yet valid. ValidFrom: '[PII is hidden by default. Set the 'ShowPII' flag in IdentityModelEventSource.cs to true to reveal it.]', Current time: '[PII is hidden by default. Set the 'ShowPII' flag in IdentityModelEventSource.cs to true to reveal it.]'"
This error will occur whenever the SSO rotates the certificate. Verified from the SSO implementation that the certificate is at the time of issue, meaning on the same day and definitely before the OIDM calls SSO for the certificate. However, the issue is also observed to resolve by itself on the next day. -
原因
The error is caused by a defect in an external library that is used by Identity Manager (1IM).
What was observed was due to the issue described in the discussion link, NotBefore/NotAfter and timezones.
The "not before" time was not reached and therefore the error is thrown. -
対策
WORKAROUND
None
STATUS
The fix will be implemented in the next release, version 8.2. However there is no hotfix available for this defect ID (34900) for prior versions. -
変更要求
34900