Issue: Users experiencing authentication failures when using SAML-based authentication, particularly with external services like G-Suite.
Root Cause: The Security Assertion Markup Language (SAML) relies on precise time synchronization between the systems involved (identity provider, service provider, and user's device) to ensure the security of authentication transactions.
Ensure Accurate Time Configuration:
Confirm that both the Cloudpath instance and the virtual server have accurate time configurations.
Point NTP configurations to a reliable NTP server, such as RUCKUS's public NTP server (ntp.ruckuswireless.com).
Automatic Time Synchronization:
Set up automatic NTP synchronization to ensure consistent and accurate time across systems.
Regularly monitor NTP synchronization to detect and address any time drift issues promptly.
Follow this guide for instructions on how to configure SAML services in RUCKUS Cloudpath.
How SAML Works:
User requests access to a service.
Service Provider (SP) redirects the user to the Identity Provider (IdP) for authentication.
IdP authenticates the user by requesting credentials (e.g., username and password).
IdP generates a SAML assertion containing the authentication information and user details, encrypted with the SP's public key.
The SAML assertion includes a timestamp to ensure its freshness.
If the SAML assertion is too old (beyond the defined time window), it is considered invalid; because the SP judges "too old" by its own clock, an SP clock that lags or leads the IdP's clock by more than that window rejects assertions that are actually fresh.
Response to Service Provider:
IdP sends the SAML assertion back to the user's browser.
User's browser submits the SAML assertion to the SP.
SP validates the assertion's authenticity and, if valid, grants access.
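To make the time dependency concrete, the following is an added example (not Cloudpath's, RUCKUS's or G-Suite's code) that performs only the validity-window part of the SP's assertion check. It assumes the assertion carries the standard SAML 2.0 Conditions element with NotBefore and NotOnOrAfter attributes, and that the SP tolerates a small clock skew (a hypothetical 60-second default). The sample assertion and the SP clock values are constructed; the same assertion is checked once with an in-sync SP clock and again with clocks that have drifted, which is exactly the condition the NTP guidance above prevents.

```python
"""Check a SAML assertion's validity window against the service provider's clock.

Added example, not vendor code. Assumes a standard <saml:Conditions> element and
a hypothetical 60-second skew tolerance on the SP side.
"""
from datetime import datetime, timedelta, timezone
from typing import Dict, Optional, Tuple
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample (not a real IdP response): valid for five minutes from
# 12:00:00 UTC according to the IdP's clock. Signature omitted for brevity.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed-example" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
  <saml:Issuer>https://idp.example.invalid/</saml:Issuer>
  <saml:Subject><saml:NameID>user@example.invalid</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T12:00:00Z" NotOnOrAfter="2024-01-01T12:05:00Z"/>
</saml:Assertion>"""


def parse_saml_time(value: str) -> datetime:
    """Parse the xs:dateTime form SAML uses (UTC with a trailing 'Z')."""
    if value.endswith("Z"):
        value = value[:-1] + "+00:00"  # older Pythons reject a bare 'Z'
    parsed = datetime.fromisoformat(value)
    if parsed.tzinfo is None:
        raise ValueError("SAML timestamps must carry a timezone")
    return parsed.astimezone(timezone.utc)


def check_conditions(assertion_xml: str, sp_now: datetime,
                     allowed_skew: timedelta = timedelta(seconds=60)) -> Tuple[bool, str]:
    """Return (accepted, reason) for the assertion's validity window as seen from the SP clock.

    Only the time window is checked here; a real SP also verifies the signature,
    issuer, audience and destination before trusting the assertion.
    """
    root = ET.fromstring(assertion_xml)
    conditions = root.find("saml:Conditions", SAML_NS)
    if conditions is None:
        return False, "assertion has no Conditions element"

    now = sp_now.astimezone(timezone.utc)
    not_before: Optional[str] = conditions.get("NotBefore")
    not_on_or_after: Optional[str] = conditions.get("NotOnOrAfter")

    # NotBefore is inclusive: reject only if it is still in the future beyond the skew.
    if not_before is not None:
        nb = parse_saml_time(not_before)
        if now + allowed_skew < nb:
            return False, f"not yet valid: NotBefore is {nb - now} ahead of the SP clock"

    # NotOnOrAfter is exclusive: reject once the (skew-adjusted) SP clock reaches it.
    if not_on_or_after is not None:
        noa = parse_saml_time(not_on_or_after)
        if now - allowed_skew >= noa:
            return False, f"expired: SP clock is {now - noa} past NotOnOrAfter"

    return True, "assertion within validity window"


def drift_scenarios() -> Dict[str, bool]:
    """Evaluate the same fresh assertion under an in-sync and several drifted SP clocks."""
    # Constructed: the IdP's true time is 12:00:30 UTC, 30 s after issuance.
    true_now = datetime(2024, 1, 1, 12, 0, 30, tzinfo=timezone.utc)
    return {
        "sp_in_sync": check_conditions(SAMPLE_ASSERTION, true_now)[0],
        "sp_30s_slow": check_conditions(SAMPLE_ASSERTION, true_now - timedelta(seconds=30))[0],
        "sp_10min_slow": check_conditions(SAMPLE_ASSERTION, true_now - timedelta(minutes=10))[0],
        "sp_10min_fast": check_conditions(SAMPLE_ASSERTION, true_now + timedelta(minutes=10))[0],
    }


if __name__ == "__main__":
    for name, accepted in drift_scenarios().items():
        print(f"{name:14s} -> {'accepted' if accepted else 'REJECTED'}")
```

A 30-second lag is absorbed by the skew tolerance, but a clock ten minutes slow makes a fresh assertion look "not yet valid" and a clock ten minutes fast makes it look expired; both surface to the user as a generic authentication failure, which is why checking NTP synchronization on the SP side is the first troubleshooting step.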