/support/notes/service/sap_logo.png){kind=logo}
SAP Knowledge Base Article - PublicSymptom
- After updating the SSO certificate, an error message is received: "SAML 2.0 Error. Error code: 900003. Error message: Certificate will be active in future."
- The error prevents users from logging into SAP CPQ.
- The issue persists even after updating the metadata under Federation Settings.
Environment
SAP Sales Cloud CPQ
Cause
Observe on the Federation Settings page in CPQ that the "Identity Provider Signing Certificate Validity Date" is set to a future date.
This issue occurs because a new certificate has been created, which is scheduled to become active in the future.
The error message reflects this, indicating that the certificate will only be valid starting from the "Not Before" date, which is currently a future date.
Resolution
- Wait until the "Not Before" date and time for the new certificate to become active.
- Alternatively, create a new certificate on the IDP side that is already active.
- Note that SSO certificates operate with UTC time, and their validity is checked against UTC time.
See Also
Keywords
SAML 2.0 Error, Error code 900003, Certificate will be active in future, SSO certificate update, SAP CPQ, login issue, metadata update, certificate validity, UTC time. , KBA , CEC-SAL-CPQ , Sales Cloud CPQ , Problem
Product
SAP CPQ all versions
/support/notes/service/facebook.svg)
/support/notes/service/twitter.svg)
/support/notes/service/youtube.svg)
/support/notes/service/linkedin.svg)
/support/notes/service/instagram2.svg)