snok/django-auth-adfs

ADFS certificate becomes not trusted until reboot

netvoip opened this issue · 7 comments

I'm using django-auth-adfs 1.11.6 with Django 4.2.5 and daphne 3.0.2 on a freshly installed Ubuntu 22.04. ADFS is signed with a public wildcard certificate, but the system doesn't recognize it and it needs to be imported manually.
The problem is that after some time authentication stops working until a complete reboot of the server is made. It happened two times and a simple reboot helped. In the logs I see:
The token is not yet valid (iat) Unauthorized: /oauth2/callback
No additional info even with debug level, except that python -Wd shows that urllib3 does not trust the certificate.
What might be the cause of such behavior, and what additional steps might be taken to diagnose it?

I suspect system clocks are not in sync.

As I remember, the time difference was no more than a few seconds. Will recheck at the next occurrence.

There's also a thing called leeway in tokens, to account for this.
If you see the clocks deviate, you can configure some leeway, see the docs.

I checked, clocks match perfectly.

I would still put in some leeway. Otherwise, I have no idea.

It helped! Thank you very much.

You're welcome 😊
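
The "not yet valid (iat)" error and the leeway fix discussed in this thread, as an added example that is not part of the thread or of django-auth-adfs: a standard-library diagnostic that reads a token's time claims and applies the same kind of window check with and without leeway. The function names and the sample token are constructed for illustration, and the comparisons are written to mirror the ones PyJWT makes.

```python
import base64
import json
import time


def b64url_decode(segment: str) -> bytes:
    """Decode a base64url JWT segment, restoring the stripped padding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def read_claims(token: str) -> dict:
    """Return the payload claims WITHOUT verifying the signature.

    For clock diagnostics only; never use unverified claims to authenticate.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected header.payload.signature")
    return json.loads(b64url_decode(parts[1]))


def check_times(claims: dict, now: float, leeway: float = 0) -> list:
    """Check iat/nbf/exp against the local clock, tolerating `leeway` seconds."""
    problems = []
    if "iat" in claims and claims["iat"] > now + leeway:
        problems.append(f"iat is {claims['iat'] - now:.0f}s ahead of the local clock")
    if "nbf" in claims and claims["nbf"] > now + leeway:
        problems.append(f"nbf is {claims['nbf'] - now:.0f}s ahead of the local clock")
    if "exp" in claims and claims["exp"] <= now - leeway:
        problems.append(f"expired {now - claims['exp']:.0f}s ago")
    return problems


def make_sample_token(iat: int, lifetime: int = 3600) -> str:
    """Build a constructed, unsigned token for the demo (placeholder signature)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    claims = {"iat": iat, "nbf": iat, "exp": iat + lifetime}
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "sig"])


if __name__ == "__main__":
    now = time.time()
    # Constructed case: the issuer's clock is 3 seconds ahead of this server.
    claims = read_claims(make_sample_token(iat=int(now) + 3))
    print("leeway=0 :", check_times(claims, now, leeway=0))
    print("leeway=10:", check_times(claims, now, leeway=10))
```

In django-auth-adfs the leeway is configured with the `JWT_LEEWAY` key of the `AUTH_ADFS` settings; keep it to a few seconds, since it also widens the window in which an expired token is still accepted.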