KB-1901 SAML authentication results in a 401 error due to wrong server time

Symptoms

SAML authentication results in a 401 error for all users. The SAML authentication attempt is logged as FAILED in the <APPIAN_HOME>/logs/login-audit.csv file. However, Appian authentication works as expected.

There is a mismatch between the server time on the SAML Identity Provider (IdP) server and the server time on the server hosting the Appian application server.

Cause

This issue may occur when an incorrect date or time is set on one of the servers involved in the authentication process, which invalidates the SAML request/response.

When the SAML Identity Provider authorizes the token, it stamps the token with the exact date and time at which it was sent to Appian. When Appian receives the request, it rejects the token because, depending on the direction of the server time mismatch, the request appears to have been sent in the past or in the future.
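The time check described above, sketched as an added example (this is not Appian's validation code). It assumes the IdP's response carries the standard SAML 2.0 `Conditions` attributes `NotBefore` and `NotOnOrAfter`; the names `check_window` and `allowed_skew` and the sample assertion are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed sample assertion (not captured from a real IdP).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed" Version="2.0" IssueInstant="2019-03-01T12:00:00Z">
  <saml:Conditions NotBefore="2019-03-01T12:00:00Z"
                   NotOnOrAfter="2019-03-01T12:05:00Z"/>
</saml:Assertion>"""


def parse_ts(value):
    """Parse a UTC SAML timestamp ('Z' suffix, optional fractional seconds)."""
    fmt = "%Y-%m-%dT%H:%M:%S.%fZ" if "." in value else "%Y-%m-%dT%H:%M:%SZ"
    return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)


def check_window(saml_xml, sp_now, allowed_skew=timedelta(0)):
    """Compare the service provider clock (sp_now) with the validity window.

    Returns (verdict, distance), where distance is how far sp_now lies
    outside the window. Intended for a response you captured yourself.
    """
    root = ET.fromstring(saml_xml)
    # Works for a bare Assertion or a full Response wrapping one.
    cond = next(root.iter("{%s}Conditions" % SAML_NS), None)
    if cond is None:
        return ("no-conditions", timedelta(0))
    not_before = cond.get("NotBefore")        # both attributes are optional
    not_on_or_after = cond.get("NotOnOrAfter")
    if not_before and sp_now + allowed_skew < parse_ts(not_before):
        # Token looks like it comes from the future: this clock is behind.
        return ("not-yet-valid", parse_ts(not_before) - sp_now)
    if not_on_or_after and sp_now - allowed_skew >= parse_ts(not_on_or_after):
        # Token looks like it comes from the past: this clock is ahead.
        return ("expired", sp_now - parse_ts(not_on_or_after))
    return ("valid", timedelta(0))


if __name__ == "__main__":
    idp_time = datetime(2019, 3, 1, 12, 2, tzinfo=timezone.utc)
    for drift in (timedelta(0), timedelta(minutes=-12), timedelta(minutes=18)):
        print(drift, check_window(SAMPLE, idp_time + drift))
```

A `not-yet-valid` verdict points to the receiving server's clock running behind the IdP, and `expired` on a freshly issued response points to it running ahead.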

Action

Ensure that the servers involved in the authentication process (IdP server, Appian application server) are configured with the correct time.

Affected Versions

This article applies to all versions of Appian.

Last Reviewed: March 2019
