Overview
This article explains how to troubleshoot the "There was a problem in validating the response: Current time (yyyy-mm-dd hh:mm:ss) is earlier than NotBefore condition (yyyy-mm-dd hh:mm:ss)" error.
This error occurs when a customer configures the Active Directory Federation Service (ADFS) for SSO (Single Sign-On) login.
Error
There was a problem in validating the response: Current time (yyyy-mm-dd hh:mm:ss) is earlier than NotBefore condition (yyyy-mm-dd hh:mm:ss)" error.
This error occurs when a customer configures the ADFS for SSO login. The SSO login fails.
Cause
The "NotBefore” and “NotOnOrAfter” conditions signify that there is a time difference. If the SAML token is presented to the Druva Cloud BEFORE the "NotBefore" time, or ON or AFTER the "NotOnOrAfter" time, then the SAML token fails validation. You get the following error message on the Druva Cloud page:
Unable to Validate Signature on SAML Token.
This error occurs when the ADFS and the Druva cloud clocks are not in sync as per the UTC time. This mainly occurs with the local time set on the ADFS server.
Resolution
Verify the current time and the time configured on the ADFS server. Correct the time on the ADFS server to fix the issue.
For more information, refer to the ADFS: SAML Tokens and Validation Issues when Federated with TFIM article.
Apply to
ADFS server 2.0 and 3.0