RSSO - SAML ValidatingException: Failed to validate notBefore condition

Version 2
    Share This:

    This document contains official content from the BMC Software Knowledge Base. It is automatically updated when the knowledge article is modified.


    Remedy Single Sign On


    Remedy Single Sign On




    Remedy SSO, throws a SAML validation error message during login as below,

    2017-12-07 20:58:42,973 ERROR [http-bio-8080-exec-91] IdpMessageReceiverServlet:134 - [603] Failed to process SAML message, conditions validation error
    com.bmc.rsso.core.saml.resp.validator.SamlValidatingException: Failed to validate notBefore condition, margin with current time ~ 264 s:  Not before is 2017-12-07 T 21:03:07.827Z, Current is 2017-12-07 T 20:58:42.973Z
            at com.bmc.rsso.core.saml.resp.validator.SamlResponseValidator.validate(


    This is caused when there is a time difference between the idP server and the Ondemand RSSO server, as the notBefore validation fails.


    Verify the time in all the Ondemand servers for the customer, If it's in sync with the domain controller. If not restart the NTPD service to sync the clocks, with server team's assistance. Once ondemand side is verified, now request the customer to verify and update the idp server time to be in sync with their domain controller, and that will resolve the Issue.

    sudo systemctl status ntpd -l
    sudo systemctl restart ntpd


    Article Number:


    Article Type:

    Solutions to a Product Problem

      Looking for additional information?    Search BMC Support  or  Browse Knowledge Articles