/support/notes/service/sap_logo.png){kind=logo}
SAP Knowledge Base Article - PublicSymptom
- Only one User is getting the issue: "Response doesn't have any valid assertion which would pass subject validation".
- Issue is happening in normal mode in Chrome, if use incognito mode, no issue.
- Clear browser cache does not help.
Environment
- SAP Analytics Cloud (Enterprise)
Reproducing the Issue
- Login to SAC in normal mode window in Chrome.
- Notice error "Response doesn't have any valid assertion which would pass subject validation." happened.
- If login in incognito mode window, no issue.
Cause
The difference between IssueInstant and AuthnInstant in the SAML response is greater than the default maxAuthenticationAge of 90 days in BTP.
e.g.
- IssueInstant="2023-09-01T09:34:48.303Z"
- AuthnInstant="2023-01-02T09:36:03.853Z"
Resolution
- Reconfigure the user session time out value to smaller one than 90 days in IDP.
or use work around:
- The problematic user logout from IDP to terminate the session manually.
See Also
IssueInstant, AuthnInstant, Response doesn't have any valid assertion which would pass subject validation
Keywords
KBA , LOD-ANA-AUT , SAC Authentication / Login , Problem
Product
SAP Analytics Cloud 1.0
/support/notes/service/facebook.svg)
/support/notes/service/twitter.svg)
/support/notes/service/youtube.svg)
/support/notes/service/linkedin.svg)
/support/notes/service/instagram2.svg)