Symptom
- Only one user gets the error: "Response doesn't have any valid assertion which would pass subject validation".
- The issue occurs in a normal Chrome window; it does not occur in incognito mode.
- Clearing the browser cache does not help.
Environment
SAP Analytics Cloud (Enterprise)
Reproducing the Issue
- Log in to SAC in a normal-mode Chrome window as the affected user.
>> Notice that the following error appears: "Response doesn't have any valid assertion which would pass subject validation."
Cause
The difference between "IssueInstant" and "AuthnInstant" in the SAML response is greater than the default "maxAuthenticationAge" of 90 days in BTP.
e.g.
- IssueInstant="2023-09-01T09:34:48.303Z"
- AuthnInstant="2023-01-02T09:36:03.853Z"
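To confirm this cause for an affected user, the two timestamps can be read from a captured base64 SAMLResponse form value. The following Python is an added example, not part of the KBA or SAP code; it assumes an unencrypted assertion, takes IssueInstant from the assertion that carries the AuthnStatement, and runs on a constructed sample using the timestamps above.

```python
import base64
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
MAX_AUTHENTICATION_AGE = timedelta(days=90)  # default stated in this KBA

def parse_instant(value):
    # SAML instants are UTC xs:dateTime values, e.g. 2023-09-01T09:34:48.303Z
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def authn_ages(saml_response_b64):
    """Return (IssueInstant, AuthnInstant, age, too_old) per AuthnStatement.

    Diagnostic only: no signature or condition checks are performed, and
    EncryptedAssertion elements are not decrypted (they yield no result).
    """
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    results = []
    # iter() also matches the root, so a bare Assertion document works too
    for assertion in root.iter("{%s}Assertion" % SAML_NS):
        issued = parse_instant(assertion.get("IssueInstant"))
        for stmt in assertion.findall("{%s}AuthnStatement" % SAML_NS):
            authn = parse_instant(stmt.get("AuthnInstant"))
            age = issued - authn
            results.append((issued, authn, age, age > MAX_AUTHENTICATION_AGE))
    return results

# Constructed sample: IDs and issuer are placeholders, timestamps are the KBA's
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed-response" Version="2.0" IssueInstant="2023-09-01T09:34:48.303Z">
  <saml:Assertion ID="_constructed-assertion" Version="2.0"
      IssueInstant="2023-09-01T09:34:48.303Z">
    <saml:Issuer>https://idp.example.invalid</saml:Issuer>
    <saml:AuthnStatement AuthnInstant="2023-01-02T09:36:03.853Z"/>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()

if __name__ == "__main__":
    for issued, authn, age, too_old in authn_ages(SAMPLE_B64):
        verdict = "exceeds" if too_old else "is within"
        print(f"AuthnInstant={authn.isoformat()} IssueInstant={issued.isoformat()} "
              f"age={age.days}d {verdict} the {MAX_AUTHENTICATION_AGE.days}-day limit")
```

For the sample timestamps the authentication is 241 days old at issue time, which explains why the assertion is rejected while a fresh incognito login succeeds.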
Resolution
- Reconfigure the user session timeout in the IdP to a value smaller than 90 days.
Or use the workaround:
- Have the affected user log out from the IdP to terminate the session manually.
See Also
IssueInstant, AuthnInstant, Response doesn't have any valid assertion which would pass subject validation, sso
Keywords
KBA, LOD-ANA-AUT, SAC Authentication / Login, Problem
Product
SAP Analytics Cloud 1.0