From d356588339db627397e84e98d3468a4c996253ab Mon Sep 17 00:00:00 2001
From: Marcus Schopen <lists@localguru.de>
Date: Wed, 18 Nov 2020 13:36:28 +0100
Subject: SAML: Document allowing a clock/time difference from IdP (#8731)

Updates the sample configuration with the pysaml2 configuration for
accepting clock skew/drift between the homeserver and IdP.
---
 docs/sample_config.yaml | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'docs')

diff --git a/docs/sample_config.yaml b/docs/sample_config.yaml
index e9e77ca94e..bedc147770 100644
--- a/docs/sample_config.yaml
+++ b/docs/sample_config.yaml
@@ -1546,6 +1546,12 @@ saml2_config:
     #  remote:
     #    - url: https://our_idp/metadata.xml
 
+    # Allowed clock difference in seconds between the homeserver and IdP.
+    #
+    # Uncomment the below to increase the accepted time difference from 0 to 3 seconds.
+    #
+    #accepted_time_diff: 3
+
     # By default, the user has to go to our login page first. If you'd like
     # to allow IdP-initiated login, set 'allow_unsolicited: true' in a
     # 'service.sp' section:
-- 
cgit 1.5.1