JWT/AD IAT value is off by more than 3 minutes
When I set the JWT plugin to debug mode I am presented with the IAT attribute that is being sent, placing that in an Epoch time converter shows that the time being sent to the Zendesk servers are identical to what the NTP time servers are presenting as the current time.
-
For anyone having problems with this code and the server time being out, you will need to modify the utils.asp file to adjust for timezone difference. Zendesk servers are in UTC time, if your server isn't in UTC, then it will pass back the incorrect time and not authenticate with an error of "The supplied iat value is more than 3 minutes off, check your server clock."
To fix this find the following lines
dtmAdjusted = DateAdd("n", lngBias, dtmDateValue)
dtmAdjusted_date = dtmAdjustedAnd modify it to the following, making sure you adjust the X in DateAdd("h", X, dtmAdjusted), to how ever many hours you are in front of behind UTC time.
dtmAdjusted = DateAdd("n", lngBias, dtmDateValue)
dtmAdjusted_timeshift = DateAdd("h", X, dtmAdjusted)
dtmAdjusted_date = dtmAdjusted_timeshiftSo an example for Sydney, Australia would be -18
dtmAdjusted = DateAdd("n", lngBias, dtmDateValue)
dtmAdjusted_timeshift = DateAdd("h", -18, dtmAdjusted)
dtmAdjusted_date = dtmAdjusted_timeshiftI also had a small stumbling block when trying to login as an agent, with agents with multiple sign in options, Zendesk would have another fit. So test the login with an end-user instead.
-
Thanks for taking the time to share this with everyone Longathrow!
Please sign in to leave a comment.
2 Comments