Okta Classic Engine | Single Sign-On | Answered | 2025-01-15T19:01:28.000Z | 2024-12-05T22:45:05.000Z
The Saml2SecurityToken is rejected because the SAML2:Assertion's NotOnOrAfter condition is not satisfied.

I am new to configuring Okta SSO. I am using an Okta Dev account. I have configured Okta SSO with an application and I am able to authenticate to Okta, but when I get redirected back to the application, I receive the following error:

 

{
  "ErrorCode": null,
  "ShowReturnLink": true,
  "Error": true,
  "Message": "The identity provider may not be configured correctly. Contact your administrator: ID4148: The Saml2SecurityToken is rejected because the SAML2:Assertion's NotOnOrAfter condition is not satisfied.\nNotOnOrAfter: '12/5/2024 10:30:06 PM'\nCurrent time: '12/5/2024 11:25:03 PM'"
}

 

I don't understand how to fix this issue. I have verified that the date and time on the server the application resides on is correct. I have not been able to find anything on the Okta side related to date/time. Any help to point me in the right direction to resol


  • Mihai N. (Okta, Inc.)

    Hi @User17334382274341215880 (Customer), thank you for reaching out to the Okta Community!

     

    The error points to an app side misconfiguration or issue.

    When it comes to SAML SSO configuration on the Okta side, it's pretty straightforward. Using the Application Integration Wizard, you input the name and fill the required URL fields with the expected values from the app side, save it, and then check the "view setup instruction" to get the IDP SSO URL, issuer and certificate or metadata that would need to be input on the app side of the configuration.

    If this app is provided by a third party, I recommend checking with their support.

    If this app is some kind of custom self-hosted one, you will need to review its configuration and environment for the possible cause.   

    I've checked on our side for any similar reports and could not find any, but I did find something referencing this exact error on the Microsoft side. Not sure how relevant this is, but I'm adding the link to it here

       

     

    If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you. 

     

    Hope my answer helps! 

     

    Selected as Best
  • Thank you for the reply. We determined that there was a problem with the system time setting. Someone had manually changed the system time in the Control Panel's date/time console. This caused an incorrect UTC time. Correcting the time there fixed the issue.

This question is closed.
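
Added example, not part of the original thread and not Okta or Microsoft code: a small diagnostic that reads the ID4148 message quoted in the question and tells a wrong service-provider clock apart from an assertion that really is expired. It assumes the timestamps in the message are UTC and a 5-minute tolerance; the reference time is a constructed value standing in for a trusted UTC source, and the function names are hypothetical.

```python
import re
from datetime import datetime, timedelta, timezone

# Error text exactly as quoted in the question above.
ID4148 = (
    "ID4148: The Saml2SecurityToken is rejected because the SAML2:Assertion's "
    "NotOnOrAfter condition is not satisfied.\n"
    "NotOnOrAfter: '12/5/2024 10:30:06 PM'\n"
    "Current time: '12/5/2024 11:25:03 PM'"
)
FMT = "%m/%d/%Y %I:%M:%S %p"  # timestamp layout used in the message


def parse_id4148(message):
    """Return (not_on_or_after, sp_clock) from the message, read as UTC (assumption)."""
    fields = dict(re.findall(r"(NotOnOrAfter|Current time): '([^']+)'", message))

    def as_utc(text):
        return datetime.strptime(text, FMT).replace(tzinfo=timezone.utc)

    return as_utc(fields["NotOnOrAfter"]), as_utc(fields["Current time"])


def verdict(not_on_or_after, now, tolerance):
    """Expired once 'now', minus the allowed skew, reaches NotOnOrAfter."""
    return "expired" if now - tolerance >= not_on_or_after else "valid"


def diagnose(message, reference_utc, tolerance=timedelta(minutes=5)):
    """Separate 'the service provider's clock is wrong' from 'the assertion is stale'."""
    not_on_or_after, sp_clock = parse_id4148(message)
    sp = verdict(not_on_or_after, sp_clock, tolerance)
    ref = verdict(not_on_or_after, reference_utc, tolerance)
    if sp == "expired" and ref == "valid":
        cause = "sp-clock-skew"      # fix the host's UTC time / time zone
    elif sp == "expired":
        cause = "assertion-expired"  # stale or delayed response; clock is not the cause
    else:
        cause = "none"
    return {"overshoot": sp_clock - not_on_or_after,
            "clock_offset": sp_clock - reference_utc, "cause": cause}


if __name__ == "__main__":
    # Constructed reference time standing in for a trusted UTC source.
    reference = datetime(2024, 12, 5, 22, 25, 3, tzinfo=timezone.utc)
    print(diagnose(ID4148, reference))
```

Widening the tolerance would not have helped with the values in the question: the service provider's clock is almost 55 minutes past NotOnOrAfter, so the fix is the host's time, as the final reply found.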