SAML authentication results in a 401 error for all users. The SAML authentication attempt is logged as FAILED in the <APPIAN_HOME>/logs/login-audit.csv file. However, Appian authentication works as expected.
There is a mismatch between the server time on the SAML Identity Provider (IdP) server and the server time on the server hosting the Appian application server.
This issue may occur when an incorrect date or time is set on the servers involved in the authentication process, which invalidates the SAML request/response.
When the SAML Identity Provider authorizes the token, the token is stamped with the exact date and time at which it was sent to Appian. When Appian receives the request, it rejects the token because, depending on the direction of the server time mismatch, the request appears to have been sent in the past or in the future.
Ensure that the servers involved in the authentication process (IdP server, Appian application server) are configured with the correct time.
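To confirm that clock mismatch is the cause, the timestamps in a captured SAML assertion can be compared with the clock of the server that receives it. The following is an added example, not Appian code: the sample assertion is constructed, and `diagnose` and `allowed_skew` are hypothetical names rather than Appian settings. It is diagnostic only and performs no signature validation.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: a trimmed, unsigned assertion (not from a real IdP).
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed" Version="2.0" IssueInstant="2019-03-01T12:00:00Z">
  <saml:Conditions NotBefore="2019-03-01T12:00:00Z"
                   NotOnOrAfter="2019-03-01T12:05:00Z"/>
</saml:Assertion>"""

def parse_ts(value):
    """Parse a UTC SAML timestamp ("...Z"), with or without fractional seconds."""
    value = value.rstrip("Z")
    fmt = "%Y-%m-%dT%H:%M:%S.%f" if "." in value else "%Y-%m-%dT%H:%M:%S"
    return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)

def diagnose(assertion_xml, sp_now, allowed_skew=timedelta(0)):
    """Return (verdict, offset_seconds) for the receiving server's clock (sp_now)
    against the assertion's validity window. allowed_skew is a hypothetical tolerance."""
    root = ET.fromstring(assertion_xml)
    cond = root.find("saml:Conditions", NS)
    issued = parse_ts(root.get("IssueInstant"))
    not_before = parse_ts(cond.get("NotBefore"))
    not_on_or_after = parse_ts(cond.get("NotOnOrAfter"))
    offset = (sp_now - issued).total_seconds()  # receiver clock minus IdP issue time
    if sp_now + allowed_skew < not_before:
        verdict = "not-yet-valid"  # receiver clock behind IdP: token looks future-dated
    elif sp_now - allowed_skew >= not_on_or_after:
        verdict = "expired"        # receiver clock ahead of IdP: token looks stale
    else:
        verdict = "ok"
    return verdict, offset

if __name__ == "__main__":
    t0 = datetime(2019, 3, 1, 12, 0, 0, tzinfo=timezone.utc)
    for minutes in (0, -10, 10):  # receiver in sync, 10 min behind, 10 min ahead
        print(minutes, diagnose(SAMPLE_ASSERTION, t0 + timedelta(minutes=minutes)))
```

An offset of more than a few seconds in either direction, measured immediately after a failed login, points to the time mismatch described above rather than to a certificate or attribute-mapping problem.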
This article applies to all versions of Appian.
Last Reviewed: March 2019