Error message "Lifetime validation failed" when trying to log in via Single-Sign-On
"The token is expired", "Token is not valid anymore" or "the token is not valid yet":
Possible cause:
The server time in Active Directory differs from the time set on the system from which the login attempt was made (the time is in the past or in the future). As a result, the validation token, which has a timeout for security reasons, can be rejected as "expired" or "not yet valid". The generated tokens have only a limited validity (+/- 30 seconds), which is aligned with the respective system time.
Solution:
Please check whether the time in Active Directory or on the server on which the authentication tool is installed has been set correctly or consistently (e.g. via NTP). A simple test is to open a website that displays the current time and compare it with the respective system time. The deviation must not exceed +/- 30 seconds.
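One way to measure the deviation instead of comparing clocks by eye, as an added example that is not part of the original documentation: a small SNTP check that reports how far the local clock is from a time source and whether that exceeds the +/- 30 seconds stated above. All function names and the constructed sample reply are assumptions of this example; run it on each machine involved against the same time source.

```python
import socket
import struct
import time

NTP_EPOCH_DELTA = 2208988800  # seconds from 1900-01-01 (NTP) to 1970-01-01 (Unix)
TOLERANCE_S = 30.0            # validity window stated on this page

def _ntp_to_unix(seconds, fraction):
    return seconds - NTP_EPOCH_DELTA + fraction / 2**32

def clock_offset(packet, t_sent, t_received):
    """Seconds the time source is ahead of the local clock (negative: behind)."""
    if len(packet) < 48:
        raise ValueError("short SNTP reply")
    if packet[0] & 0x07 != 4 or packet[1] == 0:  # must be mode 4 (server), stratum > 0
        raise ValueError("not a usable server reply")
    rx_s, rx_f, tx_s, tx_f = struct.unpack("!4I", packet[32:48])
    t_srv_rx = _ntp_to_unix(rx_s, rx_f)  # server received our request
    t_srv_tx = _ntp_to_unix(tx_s, tx_f)  # server sent its reply
    # Standard NTP offset formula; the network delay cancels out.
    return ((t_srv_rx - t_sent) + (t_srv_tx - t_received)) / 2

def classify(offset):
    if abs(offset) <= TOLERANCE_S:
        return "ok"
    return "local clock behind" if offset > 0 else "local clock ahead"

def query(host, timeout=3.0):
    """Ask a real time source, e.g. the NTP server your domain uses."""
    request = b"\x23" + 47 * b"\0"  # LI=0, VN=4, mode=3 (client)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        t_sent = time.time()
        s.sendto(request, (host, 123))
        packet, _ = s.recvfrom(512)
        t_received = time.time()
    return clock_offset(packet, t_sent, t_received)

def constructed_reply(server_unix_time):
    """Constructed sample reply (not captured traffic) so the check runs offline."""
    secs = int(server_unix_time)
    frac = int((server_unix_time - secs) * 2**32)
    stamp = struct.pack("!2I", secs + NTP_EPOCH_DELTA, frac)
    return b"\x24\x02" + 30 * b"\0" + stamp + stamp  # VN=4, mode=4, stratum 2

if __name__ == "__main__":
    # Constructed case: the time source is 45 s ahead of this machine.
    off = clock_offset(constructed_reply(1700000045.1), 1700000000.0, 1700000000.2)
    print(f"offset {off:+.1f} s: {classify(off)}")
```
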
After clicking on the login button in the browser, a prompt for credentials appears despite single sign-on.
Possible causes:
There can be several reasons:
• The user does not log in with an AD account but with a local Windows user. This can be tested e.g. via the info link (in the AD integration settings) in the ticket system.
• The machine on which the browser is running is not trusted by the server on which the authentication tool is installed.
• The server on which the authentication tool is installed is not implicitly trusted by AD.
• An implicit Windows login is prevented by group policies (or security settings).
Solution:
In that case, please check the settings of the affected user in AD, or in your environment, that relate to the causes listed above.