
I have a Java Spring Security app that authenticates against Azure AD with SAML. With default settings, when the token is returned from MS back to my app, the "notOnOrAfter" date is in the past, regardless of when the user actually logged into their Microsoft account.

I have added the forceAuthN=true parameter - this solved the issue of expired tokens, however at the expense of having to re-enter the username/password on every login request. Now the users are asking why they have to re-login for my app when this works seamlessly for other apps they use that authenticate to Azure AD.

I tried playing around with different values for forceAuthN and passive - but still no luck.

Is there anything I can do (either in my application or in the setup of the enterprise application in Azure AD) to get seamless login working?

Aleks G

1 Answer


Normally this type of error occurs when your server time is different from AAD time. Please check the time set on your server and see if it has changed because of some recent patching or other activity.

GitGood
  • Thanks for your answer, but the times are correct. The server is an auto-allocated Azure VM, with the time on it automatically synced against this same AD. – Aleks G Feb 27 '23 at 15:00
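The answer's suggestion (compare the relying party's clock with the IdP's) can be checked directly against the timestamps Azure AD puts in the assertion. The following is an added example, not code from the question, the answer or Spring Security: it parses a constructed, minimal SAML assertion, applies the Conditions window with a clock-skew tolerance, and reports how far the local clock is from the IdP's IssueInstant. The 3-minute skew tolerance, the one-hour assertion lifetime and all timestamps in the sample are assumptions for illustration. It also separates two values the question conflates: AuthnInstant (when the user signed in to Microsoft, possibly hours ago) and IssueInstant/NotOnOrAfter (set per response, when the assertion is minted).

```python
"""Diagnose a SAML 2.0 assertion whose NotOnOrAfter appears to be in the past.

Added example, not code from the question or the answer. It assumes the
check runs as soon as the SAML response is received, so the gap between
the local clock and the assertion's IssueInstant is essentially the clock
offset between the relying party and the IdP.
"""
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (signature, subject and attributes omitted);
# only the timestamps matter for the check below. The tenant ID and
# audience are placeholders.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_example" Version="2.0" IssueInstant="2023-02-27T14:55:00Z">
  <saml:Issuer>https://sts.windows.net/00000000-0000-0000-0000-000000000000/</saml:Issuer>
  <saml:Conditions NotBefore="2023-02-27T14:50:00Z" NotOnOrAfter="2023-02-27T15:55:00Z">
    <saml:AudienceRestriction><saml:Audience>spn:my-app</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AuthnStatement AuthnInstant="2023-02-27T08:12:03Z" SessionIndex="_s1"/>
</saml:Assertion>"""


def parse_saml_time(value):
    """SAML xs:dateTime values are UTC ('Z') and may carry fractional seconds."""
    if value.endswith("Z"):
        value = value[:-1] + "+00:00"
    return datetime.fromisoformat(value).astimezone(timezone.utc)


def assertion_times(xml_text):
    """Pull the four timestamps a validity check depends on."""
    root = ET.fromstring(xml_text)
    cond = root.find("saml:Conditions", SAML_NS)
    authn = root.find("saml:AuthnStatement", SAML_NS)
    return {
        "issue_instant": parse_saml_time(root.get("IssueInstant")),
        "not_before": parse_saml_time(cond.get("NotBefore")),
        "not_on_or_after": parse_saml_time(cond.get("NotOnOrAfter")),
        "authn_instant": parse_saml_time(authn.get("AuthnInstant")),
    }


def diagnose(xml_text, now, clock_skew=timedelta(minutes=3)):
    """Apply the Conditions window at local time `now` and explain a rejection.

    Returns a dict with:
      accept                  - whether the window check passes
      offset_seconds          - local clock minus IdP IssueInstant (positive: local ahead)
      sso_session_age_seconds - IssueInstant minus AuthnInstant (how old the MS sign-in is)
      reason                  - human-readable verdict
    """
    t = assertion_times(xml_text)
    offset = now - t["issue_instant"]
    result = {
        "offset_seconds": int(offset.total_seconds()),
        "sso_session_age_seconds": int((t["issue_instant"] - t["authn_instant"]).total_seconds()),
    }
    if now < t["not_before"] - clock_skew:
        result["accept"] = False
        result["reason"] = "not yet valid: local clock is behind the IdP by about %d s" % -result["offset_seconds"]
    elif now >= t["not_on_or_after"] + clock_skew:
        # A freshly received assertion cannot be genuinely expired, so when
        # NotOnOrAfter has already passed at receipt time the local clock is
        # ahead of the IdP by at least the assertion lifetime.
        result["accept"] = False
        result["reason"] = "NotOnOrAfter already passed: local clock is ahead of the IdP by about %d s" % result["offset_seconds"]
    else:
        result["accept"] = True
        result["reason"] = "within validity window"
    return result


if __name__ == "__main__":
    for local_now in ("2023-02-27T14:55:10Z", "2023-02-27T16:05:00Z", "2023-02-27T14:40:00Z"):
        verdict = diagnose(SAMPLE_ASSERTION, parse_saml_time(local_now))
        print(local_now, verdict["accept"], verdict["reason"],
              "(MS sign-in was %d s before this assertion was issued)" % verdict["sso_session_age_seconds"])
```

Run against a real response by swapping in the decoded Assertion element and `datetime.now(timezone.utc)`: an `offset_seconds` in the thousands on an assertion that has just arrived points at the relying party's clock, not at how long ago the user signed in to Microsoft, which is what `sso_session_age_seconds` reflects.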