Forum / Devolutions Password Server - Support

Token Expired using SSO - Office 365

  • Create an Issue
  • Cancel

When logging into our Password Server using our SSO from Office 365 we get these errors:

SecurityTokenExpiredException - IDX10223: Lifetime validation failed. The token is expired. ValidTo: '04/29/2019 15:44:58', Current time: '04/30/2019 06:12:08'. at Microsoft.IdentityModel.Tokens.Validators.ValidateLifetime(Nullable`1 notBefore, Nullable`1 expires, SecurityToken securityToken, TokenValidationParameters validationParameters) at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateLifetime(Nullable`1 notBefore, Nullable`1 expires, JwtSecurityToken jwtToken, TokenValidationParameters validationParameters) at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateTokenPayload(JwtSecurityToken jwtToken, TokenValidationParameters validationParameters) at Devolutions.Server.TokenValidationHandler.d__9.MoveNext() --- Login

We do get logged logged in but every time an error gets reported. Is there a way to extend this token's lifetime?

Clock7 mths

Hello,

What Devolutions Password Server version are you using?

Best regards,



Érica Poirier

signaturesignature

Clock7 mths

Version 6.1.3.0

Clock7 mths

Hello,

Thank you for the information.

Are you using only the DPS web interface or you are connecting to it using Remote Desktop Manager?

The only configurable token value is the Token Valid Time in Administration - Password Server Settings - Advanced but I don't think this one will have an impact on that error message. Here is the online help page about that parameter.
https://helpserver.devolutions.net/webinterface_advanced.htm

Best regards,



Érica Poirier

signaturesignature

Clock7 mths

Erica,

No, that doesn't seem to be the setting.

We are using Password vault manager enterprise edition v10.0.0.0 64bit version.

Jelte

Clock7 mths

Hello,

We have been able to reproduce your issue and a ticket has been submitted to our engineering department. The internal ticket number is DPS-3084. The error will not impact the PVM and DPS functionality.

About your Password Vault Manager v10, if you haven't read the following blog article, this could be an interesting offer as PVM being phased out, we’ve decided to replace PVM with RDM for free!
https://blog.devolutions.net/2019/03/important-announcement-password-vault-manager-now-fully-integrated-in-remote-desktop-manager

Best regards,



Érica Poirier

signaturesignature

Clock7 mths

We still get these errors when logging into Devolutions Password Server's web portal using Office 365 login.

"
The following error was received by at 7/22/2019 9:55:01 AM
Error:
SecurityTokenExpiredException - IDX10223: Lifetime validation failed. The token is expired. ValidTo: '07/18/2019 15:11:02', Current time: '07/22/2019 07:55:01'. at Microsoft.IdentityModel.Tokens.Validators.ValidateLifetime(Nullable`1 notBefore, Nullable`1 expires, SecurityToken securityToken, TokenValidationParameters validationParameters) at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateLifetime(Nullable`1 notBefore, Nullable`1 expires, JwtSecurityToken jwtToken, TokenValidationParameters validationParameters) at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateTokenPayload(JwtSecurityToken jwtToken, TokenValidationParameters validationParameters) at Devolutions.Server.TokenValidationHandler.d__14.MoveNext() --- Login
Source:
Microsoft.IdentityModel.Tokens

"

Do you know if there's a solutions or explenation for this?

Clock4 mths


Hello,

Are you still using DPS version 6.1.3?

Do you get this error message even on recent connections to the DPS instance?

Best regards,



Érica Poirier

signaturesignature

Clock4 mths


Hello,

Could you please check if the machine on which the DPS is hosted is on the same time zone as the one you have on your local computer?

If it's the same, are both clocks are synchronized?

That is maybe two causes why you still get that expired token error message.

Best regards,



Érica Poirier

signaturesignature

Clock4 mths

We upgraded our version to 2019.1.17.0 with no difference in the error.

Time on all machines is exact the same.

Strange this is that the difference between Valid to and current time is always exactly 4 days.

. The token is expired. ValidTo: '07/18/2019 15:11:02', Current time: '07/22/2019 07:55:01'.

Clock4 mths


Hello,

Thank you for the information.

Everything we could find online regarding this Office365 error is related to unsynchronized clocks between the server and the client. They must be set on the same time zone, same date and same hour. Another thing that could cause the issue is there is still invalid information in the browser cache.

Could you please clear your browser cache? If you are using RDM, please clear the local cache file using CTRL+F5.

Let me know if the issue still exist.

Best regards,



Érica Poirier

signaturesignature

Clock4 mths

We are getting this same error using O365 Auth/ with DPS 2019.1.20.0. Happens at login and we get 3 notifications that are the same, each time.


2019-10-07_16-59-02.png
Clock2 mths

Hello,

Could you please verify that all involved machines are on the exact same time (DPS machine, user computer)?

Then please ask the user to clear his browser cache before logging back on the DPS web interface. Let me know if that help!

Best regards,



Érica Poirier

signaturesignature

Clock2 mths

We're also still getting the notifications as well even after clearing the cache. But it's not every time I log on.

There is no time difference between the server and the clients. The difference between the "ValidTo" date and the current time is days, not minutes.

For the moment I'm ignoring these errors because they don't seem to effect the entries or web interface functionality.

2019-10-08 10_10_29-Devolutions Password Server - Error report - Message (HTML).png
Clock2 mths