2611084 - SAML 2.0: "CX_SAML20_ASSERTION: Attribute "NotBefore" of the "SubjectConfirmationData" element is not valid. Long text: Attribute "NotBefore" of the "SubjectConfirmationData" element is not valid."

Symptom

When performing a SAML 2.0 authentication it fails, despite the configuration being correct on the Service Provider (SAP NetWeaver AS ABAP).

The Security Diagnostic Tool trace contains error:

CX_SAML20_ASSERTION: Attribute "NotBefore" of the "SubjectConfirmationData" element is not valid. Long text: Attribute "NotBefore" of the "SubjectConfirmationData" element is not valid.

To collect the SAML 2.0 traces access the Security Diagnostic Tool in the AS ABAP system by calling the URL below:

http(s)://<host>:<port>/sap/bc/webdynpro/sap/sec_diag_tool?sap-client=<XXX>

Press the start button, reproduce the scenario and press the stop button.

More information regarding the Security Diagnostic Tool for ABAP can be found here.

Environment

SAP NetWeaver AS ABAP 7.02
SAP NetWeaver AS ABAP 7.30
SAP NetWeaver AS ABAP 7.31
SAP NetWeaver AS ABAP 7.40 and higher

Product

SAP NetWeaver 7.3 ; SAP NetWeaver 7.4 ; SAP NetWeaver 7.5 ; SAP enhancement package 1 for SAP NetWeaver 7.3 ; SAP enhancement package 2 for SAP NetWeaver 7.0

Keywords

identity, service provider, datapower, idp, sp, as abap, netweaver, saml, saml2, saml2.0, authentication, logon , KBA , BC-SEC-LGN-SML , SAML 2.0 for ABAP , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.