Support Note KB0395817
Email
Error: "Authentication Error - Failed to validate the user" SSO login server time issue
Issue

When trying to log in using single sign-on (SSO), I am getting the following error:

Authentication Error - Failed to validate the user. Please contact your administrator for further assistance.

The error log shows Failed to get Name id. Stack: ariba.util.saml.SAMLException: condition is not valid.

Resolution

Your ADFS server time should be in sync with SAP Ariba's server time. There are two possible solutions:

Cause

The NameID is rejected by SAP Ariba due to the Active Directory Federation Services (ADFS) server time. An example error log in the user interface (UI) shows:

<Conditions NotBefore="2017-01-20T13:31:23.829Z" NotOnOrAfter="2017-01-20T14:31:23.829Z"><AudienceRestriction><Audience>http://realmname.procurement-eu.ariba.com</Audience></AudienceRestriction></Conditions>

Fri Jan 20 05:31:15 PST 2017 (T93:*:*:*:dlpjbk:C23_UI3:x0914) (user:WARN) [ID100007]: Failed to get Name id. Stack: ariba.util.saml.SAMLException: condition is not valid.

The condition that failed (copied from the Security Assertion Markup Language (SAML) response that was received in the above scenario) follows:

<Conditions NotBefore="2017-01-20T13:31:23.829Z" NotOnOrAfter="2017-01-20T14:31:23.829Z">

Note: Z refers to Zulu Time. Hence, you need to convert the time from Zulu to Pacific Standard Time (PST).

The SAML response reaches SAP Ariba eight seconds earlier than the Not Before condition, which causes the condition to return false and the login to fail.

Additional Information

If the error log includes Failed to get Name id. Stack: ariba.util.saml.SAMLException: org.opensaml.xml.validation.ValidationException: Signature did not validate against the credential's key instead of the above condition not met, see Certificate Expired.

If you are instead getting the error Authentication Error - Authentication Failed, see Invalid SAML.


Applies To

Purchasing
Spend Visibility
Strategic Contracts
Strategic Sourcing
Supplier Information & Performance Management

Terms of Use  |  Copyright  |  Security Disclosure  |  Privacy