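SANtricity System Manager SAML session times out after 5 minutes
Applies to
- NetApp SANtricity OS
- Security Assertion Markup Language (SAML) configuration
- Okta identity provider
Issue
- SANtricity System Manager SAML sessions repeatedly time out after 5 minutes, and the browser reports: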
The server has logged you out. Log in to return to System Manager
- In the E-Series AutoSupport or support bundle logs, web-server-trace.log records the session being invalidated after approximately 5 minutes:
2025-04-16 18:26:57,620 INFO [jetty-1164033] c.n.e.a.r.s.SamlImpl [LoggingFilter.java:416] [requestId=XXX, deviceId=N/A {"authId":"unknown","authType":"unknown","resource":"/devmgr/v2/saml/login","remoteAddress":"10.X.XX.XX",
"method":"POST","query":"redirect=false","status":"200","executionTime":"8"}
2025-04-16 18:26:58,629 INFO [jetty-1164053] c.n.e.a.r.s.SamlImpl [LoggingFilter.java:416] [requestId=XXX, deviceId=N/A {"authId":"XXX","authType":"saml","resource":"/devmgr/v2/saml/assertion","remoteAddress":"10.X.XX.XX","method":"POST",
"query":null,"status":"303","executionTime":"7"}...
2025-04-16 18:32:03,998 INFO [jetty-1164053] c.n.e.a.r.AuthFilter [AuthFilter.java:268] [requestId=0, deviceId=1] Invalidating session, saml assertion is expired for samlAssertionId=null
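To measure the session lifetime from these entries rather than reading it off by eye, the following added example (not NetApp code) pairs each POST to /devmgr/v2/saml/assertion with the next "saml assertion is expired" invalidation and reports the elapsed seconds. It assumes the log holds one user's logins, because the invalidation line carries no assertion ID to correlate on; the sample log is constructed from the excerpt above and the function names are hypothetical.

```python
import re
from datetime import datetime

# Constructed sample modeled on the web-server-trace.log excerpt above,
# including the wrapped JSON line as it appears in the bundle.
SAMPLE_LOG = '''\
2025-04-16 18:26:58,629 INFO [jetty-1164053] c.n.e.a.r.s.SamlImpl [LoggingFilter.java:416] [requestId=XXX, deviceId=N/A {"authId":"XXX","authType":"saml","resource":"/devmgr/v2/saml/assertion","remoteAddress":"10.X.XX.XX","method":"POST",
"query":null,"status":"303","executionTime":"7"}
2025-04-16 18:32:03,998 INFO [jetty-1164053] c.n.e.a.r.AuthFilter [AuthFilter.java:268] [requestId=0, deviceId=1] Invalidating session, saml assertion is expired for samlAssertionId=null
'''

TIMESTAMP = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) ")
ASSERTION_POST = '"resource":"/devmgr/v2/saml/assertion"'
EXPIRED = "Invalidating session, saml assertion is expired"


def session_lifetimes(log_text):
    """Return (login, invalidation, seconds) for each invalidation, paired
    with the most recent preceding assertion POST (single-user assumption)."""
    results, last_login = [], None
    for line in log_text.splitlines():
        match = TIMESTAMP.match(line)
        if not match:
            continue  # continuation of a wrapped entry, no timestamp
        stamp = datetime.strptime(match.group(1), "%Y-%m-%d %H:%M:%S,%f")
        if ASSERTION_POST in line:
            last_login = stamp
        elif EXPIRED in line and last_login is not None:
            elapsed = (stamp - last_login).total_seconds()
            results.append((last_login, stamp, elapsed))
            last_login = None
    return results


def short_sessions(log_text, expected_seconds):
    """Sessions invalidated sooner than the lifetime the IdP is expected to grant."""
    return [s for s in session_lifetimes(log_text) if s[2] < expected_seconds]


if __name__ == "__main__":
    # expected_seconds is an input you supply from the IdP configuration.
    for login, end, secs in short_sessions(SAMPLE_LOG, expected_seconds=3600):
        print(f"login {login} invalidated {end} after {secs:.0f}s")
```
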
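- The Okta identity provider's maximum app session lifetime value is set to a value greater than 5 minutes. This setting sets the SessionNotOnOrAfter value in the SAML assertion. In the example below, the value is set to 1 hour.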
<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
ID="id-8642639103648655255983945250"
IssueInstant="2025-04-30T18:02:33.836Z"
...
<saml2:AuthnStatement xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
AuthnInstant="2025-04-30T18:02:33.413Z"
SessionIndex="_5ac3a4afb86b3ec72628bb4523e91319"
SessionNotOnOrAfter="2025-04-30T19:02:33.836Z"
<saml2:AuthnContext