I need to set the SkewClock into my IdentityProvider SAML which does the bridge with an ADFS server.
I know it is possible to set the SkewCloak when I have a client application using SAML, but in this case the client itself is the keycloak.
Currently I’m using KC 4.8.3 and I can upgrade to a new version if necessary.
I looked into the code and it looks like at the moment we don’t support this, the code is here: https://github.com/keycloak/keycloak/blob/master/services/src/main/java/org/keycloak/broker/saml/SAMLEndpoint.java#L436. I think this won’t be hard to add similarly as for OIDC identity providers as one of configuration option. Feel free to create a feature request in our issue tracker. Contribution is welcome.
I wonder if you solved this issue?
I am facing the exact same problem with a Keycloak instance running in a container.
Hello @SamyOteroGlez. When you create SAML identity provider there is an Allowed clock skew option.
Hi Samy, yes, it has been fixed on the Keycloak 9 version.
It is already possible to set the values in the interface.