Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Increase default allowed clock drift #151

Open
blancharda opened this issue Jun 14, 2024 · 0 comments
Open

Increase default allowed clock drift #151

blancharda opened this issue Jun 14, 2024 · 0 comments
Labels
enhancement ✨ New feature or request

Comments

@blancharda
Copy link
Contributor

Is your feature request related to a problem? Please describe.

The default allowed clock drift for SAML client access appears to be 1 second. Even clusters with properly configured NTP may run into issues depending on how often they are synced and how heavily they drift and/or how geographically distributed the nodes are.

We should consider increasing this limit to something a little less aggressive (2s, 5s.. etc)

Describe the solution you'd like

According to the docs this could be accomplished by adding an allowed_clock_drift field to our gitlab-sso secret args.

We could also consider making the field configurable via Zarf var.

Additional context

I think there is benefit to keeping the value small, but a little more wiggle room would be nice.
It's also worth calling out time syncing as a requirement in the docs.
@blancharda blancharda added the enhancement ✨ New feature or request label Jun 14, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement ✨ New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@blancharda