From 6190d808ba51c7162aeb25a41e108158675e3762 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Javi=20Mart=C3=ADn?= <javim@elretirao.net>
Date: Wed, 29 Jun 2022 20:55:32 +0200
Subject: [PATCH] Allow different times between IDP and SP machines

We were having an issue because there was a difference of about 11
seconds between the local times of our machines and the time of the IDP
server. Since right now we can't guarantee the time of these machines is
fully synchronized, for now we're adding a margin of error of one
minute.
---
 config/initializers/devise.rb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
index 599d658cb..2300379d0 100644
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@@ -289,7 +289,8 @@ Devise.setup do |config|
   config.omniauth :saml,
                   sp_entity_id: Rails.application.secrets.saml_sp_entity_id,
                   idp_cert: Rails.application.secrets.saml_idp_cert,
-                  idp_sso_service_url: Rails.application.secrets.saml_idp_sso_service_url
+                  idp_sso_service_url: Rails.application.secrets.saml_idp_sso_service_url,
+                  allowed_clock_drift: 1.minute
 
   # ==> Warden configuration
   # If you want to use other strategies, that are not supported by Devise, or