Univention Bugzilla – Bug 55719
python-pysaml2: wrong timeformat
Last modified: 2023-02-16 14:22:49 CET
A customer with external keycloak as identity provider saw tracebacks like this when trying to login: " File "/usr/lib/python3/dist-packages/saml2/validate.py", line 110, in validate_before "<= notbefore=%s" % (now_str, slack, not_before)) saml2.validate.ToEarly: Can't use response yet: (now=2023-40-10T11:40:01Z + slack=0) <= notbefore=2023-02-10T11:40:02.147Z" Rootcause was a typo in the python-pysaml2: https://github.com/IdentityPython/pysaml2/commit/4f0a45c361bbd46b1f56f468d4712c0ef9797c1b As no user was able to login the pain was (very) high.