Once I deployed an SSO agent on a client location and was scratching my head for weeks to find what is that which is stopping the SSO to work properly. I checked my configurations hundred of times installed the SSO agent on other server with same configuration and it works there but what the hack is going on with this machine which is creating this issue. I checked the OS patch and everything but still NO LUCK !!!
In this article I am going to talk little bit about the root cause of that.
Time Server: SSO Token contains a time stamp which is generated by the server to check the session timeout. My server was residing on a box which was having a time stamp say T and my agent was residing on a box which was having a timestamp T+30 min. Session expiry was 30 minutes.
That's why whenever my agent box gets the SSOtoken and validates the token it always gets the token which is expired.
In the SSO environment please make sure all the servers are having time clock synchronized otherwise you may also have this tricky to debug situations.