SSO Login "Temporary user is not within validity period"
Hello,
I have configured SSO Login to OC300 device.
It worked for about one week and since then I get this error message:
{"errorCode":-30199,"msg":"Temporary user is not within the validity period."}
I can configure SuperAdmin role as permanently only, therefore I do not understand where the "Temporary user" message comes from ...
The issue has been root caused.
If the user is a member of multiple groups and a group name not configured in the Omada Controller is used for login, then the "Temporary user is not within validity period" error occurs.
Solutions that work for me:
1. Make sure the user is a member of the only one group configured in the Omada Controller.
2. For userGroupName always use the one group configured in the Omada Controller.
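Added example (not part of the original thread and not TP-Link code): a small offline check for the root cause described above. It reads a decoded SAML assertion and flags a userGroupName attribute that carries more than one value or a value that is not a group configured on the controller. The sample assertion and the group names `omada-admins` and `vpn-users` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed sample: what an IdP might send for a user who is in two groups.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="userGroupName">
      <saml:AttributeValue>vpn-users</saml:AttributeValue>
      <saml:AttributeValue>omada-admins</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def group_values(assertion_xml, attr_name="userGroupName"):
    """Return every value the assertion sends for the group attribute."""
    # Diagnostic use on an assertion you captured yourself: this does not
    # verify the signature and must not be used to make access decisions.
    root = ET.fromstring(assertion_xml)
    values = []
    for attr in root.iter("{%s}Attribute" % SAML_NS):
        if attr.get("Name") == attr_name:
            for val in attr.findall("{%s}AttributeValue" % SAML_NS):
                values.append((val.text or "").strip())
    return values


def check_group_claim(assertion_xml, configured_groups):
    """List the problems that match the failure mode from this thread."""
    values = group_values(assertion_xml)
    problems = []
    if not values:
        problems.append("assertion carries no userGroupName value")
    if len(values) > 1:
        problems.append("multiple userGroupName values sent: %s" % ", ".join(values))
    unknown = [v for v in values if v not in configured_groups]
    if unknown:
        problems.append("not configured on the controller: %s" % ", ".join(unknown))
    return problems


if __name__ == "__main__":
    # Assumption: 'omada-admins' is the one group set up under Accounts -> SAML Role.
    for line in check_group_claim(SAMPLE_ASSERTION, {"omada-admins"}) or ["OK"]:
        print(line)
```
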
Hi @relvy
Please share a screenshot of the account page. You may mask the accounts, but please display the Role type and VALID PERIOD section.
It's possible that you accidentally logged in with a temporary account, or inadvertently set your account as a temporary one.
Screenshot from Accounts -> SAML Role:
Screenshot from Accounts -> SAML User:

Screenshot from Accounts -> Role:

The Accounts -> User page has the local Owner only.
Hi @relvy
Thank you for the reply. We will check it locally.
To verify, when did you first create this account: within a week, or more than one week ago?
Is it the first time you see this error?
Is your OC300 the latest firmware version 1.30.7?
Yes, my OC300 is latest firmware version.

> To verify, when did you first create this account: within a week, or more than one week ago?
It took me almost 2 days of configuration (in particular the base64 encoded relay state was tricky), then it worked. I got the OC300 dashboard coming from the IdP.
> Is it the first time you see this error?
Yes, it (still) is.
Any other error such as "Invalid request" was related to a configuration error before it worked.
Thank you so much for taking the time to post the issue on the TP-Link community!
To better assist you, I've created a support ticket via your registered email address and escalated it to our support engineer to look into the issue. The ticket ID is TKID250905992. Please check your email box and ensure the support email is well received. Thanks!
Once the issue is addressed or resolved, please update this topic thread with your solution to help others who may encounter the same problem as you did.
Many thanks for your excellent cooperation and patience!
Another solution that came to me is using OAuth2/OIDC because it works regardless of the group membership.
However, this requires the Omada Controller to support OAuth2/OIDC.
Edit: I filed a feature request for OAuth2/OIDC. See https://community.tp-link.com/en/business/forum/topic/841554