SAP Knowledge Base Article - Public

3399076 - Identity Provider could not process the authentication request received due to client error. The message has either expired or is not yet valid

Symptom

At logon to Service Provider the following error is seen in the logs:

2023-11-09T08.14.09.009Z timestamp="2023-11-09T08.14.09.009Z", ipAddress="xx.xxx.xxx.xx", severity="ERROR", location="com.sap.security.saml2.idp.api.AuthnRequestValidationService", crtAccount="iastenantid", authenticatedSubject="anonymous", correlationId="41A363DF-OOOO-9999-OOOO-7E2AD2B3B02B", message="The received SAML2 message has been issued at Thu Aug 17 05:29:31 GMT 2023, which is not within the expected time frame. The message has either expired or is not yet valid.

2023-11-09T08.14.09.009Z timestamp="2023-11-09T08.14.09.009Z", ipAddress="xx.xxx.xxx.xx", severity="ERROR", location="com.sap.security.saml2.idp.endpoints.sso.SSOEndpointErrorLogger", crtAccount="iastenantid", authenticatedSubject="anonymous", correlationId="41A363DF-OOOO-9999-OOOO-7E2AD2B3B02B", message="Identity Provider could not process the authentication request received due to client error. The message has either expired or is not yet valid. Caused by: Issue Instant is not valid yet. IssueInstant: Thu Aug 17 05:29:31 GMT 2023Curent time: Thu Nov 09 08:14:09 GMT 2023 Correlation ID: 41A363DF-OOOO-9999-OOOO-7E2AD2B3B02B" 

Environment

Identity Authentication

Reproducing the Issue

Logon to the Service Provider

Cause

Date and time of the servers which are communicating are not correct.

Resolution

  1. Check and if needed correct the date and time of the servers which are taking part in the communication. 
  2. Re-exchange the metadata files between the servers which are sending data to each other.
    The most common communication flows are:
    Service Provider -- request-->  IAS (IdP)  -- response -->  Service Provider 
    Service Provider -- request-->  IAS (proxy) -- request -->  Corporate IdP  -- response -->  IAS (proxy) -- response --> Service Provider 


     

Keywords

Identity Provider could not process the authentication request received, The message has either expired or is not yet valid, IAS, Issue Instant is not valid yet, , KBA , BC-IAM-IDS , Identity Authentication Service , Problem

Product

SAP SuccessFactors HXM Core 2311