Skip to main content
SSO login failure
Updated over 6 months ago

Overview

This article explains how to troubleshoot the "There was a problem in validating the response: Current time (yyyy-mm-dd hh:mm:ss) is earlier than NotBefore condition (yyyy-mm-dd hh:mm:ss)" error.

This error occurs when a customer configures the Active Directory Federation Service (ADFS) for SSO (Single Sign-On) login.

Error

There was a problem in validating the response: Current time (yyyy-mm-dd hh:mm:ss) is earlier than NotBefore condition (yyyy-mm-dd hh:mm:ss)" error.

This error occurs when a customer configures the ADFS for SSO login. The SSO login fails.

Cause

The "NotBefore” and “NotOnOrAfter” conditions signify that there is a time difference. If the SAML token is presented to the Druva Cloud BEFORE the "NotBefore" time, or ON or AFTER the "NotOnOrAfter" time, then the SAML token fails validation. You get the following error message on the Druva Cloud page:

Unable to Validate Signature on SAML Token.

SSO_login_failure.png

This error occurs when the ADFS and the Druva cloud clocks are not in sync as per the UTC time. This mainly occurs with the local time set on the ADFS server.

Resolution

Verify the current time and the time configured on the ADFS server. Correct the time on the ADFS server to fix the issue.

For more information, refer to the ADFS: SAML Tokens and Validation Issues when Federated with TFIM article.

Apply to

ADFS server 2.0 and 3.0

Did this answer your question?