Despite having QoreStor correctly configured to use SAML for WebUI sign-in with a supported Identity Provider (IdP)—and having successfully logged in previously—users may now encounter one of the following issues:
As noted on page 5 of the QoreStor 7.1.1 SAML Configuration Guide:
"To prevent login failures, the system clock of the machine where QoreStor is installed must be synchronized with the IdP clock."
If the clocks are out of sync, it can lead to discrepancies in the SAML authentication process, resulting in “Forbidden” or “Invalid Login Details” errors.
To ensure the QoreStor host clock is properly synchronized and to prevent SAML login failures, configure chronyd and verify time synchronization by following these steps:
systemctl enable chronyd
systemctl start chronyd
timedatectl set-ntp true
timedatectl status
chronyc tracking
chronyc sources -v
The first three commands enable chronyd and NTP synchronization; the last three confirm that your system is using an active NTP source and that the clock is synchronized.
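As an added example (not part of the QoreStor documentation), the function below reduces the `chronyc tracking` output from the steps above to a single verdict that can be checked before retrying the SAML sign-in. The function name, the 1-second default tolerance and the sample outputs are assumptions constructed for illustration; use the skew your IdP actually tolerates.

```shell
#!/bin/sh
# Added example: reduce `chronyc tracking` output to one verdict.
# The 1-second default tolerance is an assumption, not a QoreStor or IdP value.

# Constructed samples in the format `chronyc tracking` prints (abridged).
SAMPLE_SYNCED='Reference ID    : C0000201 (ntp.example.test)
Stratum         : 3
System time     : 0.000412000 seconds fast of NTP time
Leap status     : Normal'

SAMPLE_SKEWED='Reference ID    : C0000201 (ntp.example.test)
Stratum         : 3
System time     : 42.173000000 seconds slow of NTP time
Leap status     : Normal'

SAMPLE_UNSYNCED='Reference ID    : 00000000 ()
Stratum         : 0
System time     : 0.000000000 seconds fast of NTP time
Leap status     : Not synchronised'

# Usage: chronyc tracking | clock_verdict [MAX_OFFSET_SECONDS]
# Prints OK, SKEWED, UNSYNCED or UNPARSED; exit status is 0 only for OK.
clock_verdict() {
    awk -v max="${1:-1}" '
        /^System time/ {            # absolute offset, direction given as slow/fast
            v = $0; sub(/^[^:]*: */, "", v); split(v, f, " ")
            off = f[1]; seen = 1
        }
        /^Leap status/ { leap = $0; sub(/^[^:]*: */, "", leap) }
        END {
            if (!seen || leap == "")        { print "UNPARSED"; exit 3 }
            if (leap == "Not synchronised") { print "UNSYNCED"; exit 2 }
            if (off + 0 > max + 0)          { print "SKEWED";   exit 1 }
            print "OK"
        }'
}

# Demo on the constructed samples; prints OK, SKEWED, UNSYNCED in turn.
for sample in "$SAMPLE_SYNCED" "$SAMPLE_SKEWED" "$SAMPLE_UNSYNCED"; do
    printf '%s\n' "$sample" | clock_verdict 1 || true
done
```

A SKEWED or UNSYNCED verdict means the host clock still differs from NTP time, so a SAML retry is likely to fail for the same reason; UNPARSED usually means chronyd is not running or `chronyc` could not reach it.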
Once synchronization is confirmed, try signing in to the QoreStor WebUI again via SAML (e.g., Okta, Microsoft Entra ID, or OneLogin).
If the issue persists, verify that your Identity Provider settings are correct and ensure no firewall or network rules block NTP or SAML-related traffic.