/support/notes/service/sap_logo.png){kind=logo}
SAP Knowledge Base Article - PublicSymptom
At logon to Service Provider the following error is seen in the logs:
2023-11-09T08.14.09.009Z timestamp="2023-11-09T08.14.09.009Z", ipAddress="11.000.252.77", severity="ERROR", location="com.sap.security.saml2.idp.api.AuthnRequestValidationService", crtAccount="iastenantid", authenticatedSubject="anonymous", correlationId="41A363DF-OOOO-9999-OOOO-7E2AD2B3B02B", message="The received SAML2 message has been issued at Thu Aug 17 05:29:31 GMT 2023, which is not within the expected time frame. The message has either expired or is not yet valid."
2023-11-09T08.14.09.009Z timestamp="2023-11-09T08.14.09.009Z", ipAddress="11.000.252.77", severity="ERROR", location="com.sap.security.saml2.idp.endpoints.sso.SSOEndpointErrorLogger", crtAccount="iastenantid", authenticatedSubject="anonymous", correlationId="41A363DF-OOOO-9999-OOOO-7E2AD2B3B02B", message="Identity Provider could not process the authentication request received due to client error. The message has either expired or is not yet valid. Caused by: Issue Instant is not valid yet. IssueInstant: Thu Aug 17 05:29:31 GMT 2023Curent time: Thu Nov 09 08:14:09 GMT 2023 Correlation ID: 41A363DF-OOOO-9999-OOOO-7E2AD2B3B02B"
Environment
Identity Authentication
Reproducing the Issue
logon to the Service Provider.
Cause
Date and time of the servers which are communicating are not correct ?
Resolution
1.
Check and if needed correct the date and time of the servers which are taking part in the communication.
2.
Re-exchange the metadata files between the servers which are sending data to each other.
The most common communication flows are:
Service Provider --request--> IAS (IdP) --response--> Service Provider
Service Provider --request--> IAS (proxy) --request--> Corporate IdP --response--> IAS (proxy) --response--> Service Provider
See Also
Identity Provider could not process the authentication request received due to client error.
The message has either expired or is not yet valid
Identity Provider could not process the authentication request received due to client error. The message has either expired or is not yet valid
Keywords
KBA , BC-IAM-IDS , Identity Authentication Service , Problem
/support/notes/service/facebook.svg)
/support/notes/service/twitter.svg)
/support/notes/service/youtube.svg)
/support/notes/service/linkedin.svg)
/support/notes/service/instagram2.svg)