SAP Knowledge Base Article - Public

3374594 - Error: "Response doesn't have any valid assertion which would pass subject validation" occurs when a specific user tries to login to SAC (SAP Analytics Cloud)

Symptom

  • Only one User is getting the issue: "Response doesn't have any valid assertion which would pass subject validation". 
  • Issue is happening in normal mode in Chrome, if use incognito mode, no issue. 
  • Clear browser cache does not help.

 

Environment

SAP Analytics Cloud (Enterprise)

Reproducing the Issue

  1. Login to SAC in normal mode window in Chrome with the problematic user.
    >> Notice that the below error appears: "Response doesn't have any valid assertion which would pass subject validation."

Cause

The difference between "IssueInstant" and "AuthnInstant" in the SAML response is greater than the default "maxAuthenticationAge" of 90 days in BTP. 

e.g. 

  • IssueInstant="2023-09-01T09:34:48.303Z"
  • AuthnInstant="2023-01-02T09:36:03.853Z"

Resolution

  • Reconfigure the user session time out value to smaller one than 90 days in IDP. 

or use work around:

  • The problematic user logout from IDP to terminate the session manually.

See Also

IssueInstant, AuthnInstant, Response doesn't have any valid assertion which would pass subject validation, sso

Keywords

KBA , LOD-ANA-AUT , SAC Authentication / Login , Problem

Product

SAP Analytics Cloud 1.0