Help
FortiManager
FortiManager supports network operations use cases for centralized management, best practices compliance, and workflow automation to provide better protection against breaches.
ckarwei
Staff
Staff

Created on ‎05-25-2022 02:32 AM Edited on ‎05-25-2022 04:15 AM By Community Manager

Article Id 212967

Technical Tip: SAML login fail with invalid response

Description

 

This article describes how to troubleshoot SAML login fail with invalid response.   

 

Solution


1) FortiManager/FortiAnalyzer GUI may return the following error after SAML user authentication.

 

invalid_response: Could not validate timestamp: not yet valid. Check system clock.

 

2) Verify the ntp status.

 

FMG01 # diagnose system ntp status

MS Name/IP address         Stratum Poll Reach LastRx Last sample

===================================================================

^* 208.91.112.63                 2        10   377   412    -50us[  +61us] +/-  101ms

 

3) If no NTP server information, verify the NTP server and DNS server connectivity.

 

FMG01 # diag system ntp status
No information for NTP server

 

4) Verify the system time.

 

FMG01 # execute time

current time is: 10:14:11

 

FMG01 # execute date

current date is: 05/16/2022

 

5) Manually modify the date / time if require.

 

FMG01 # execute time 11:14:11

 

FMG01 # execute date 05/17/2022

 

6) If issue persists, gather a SAML trace and contact Fortinet TAC.

 

Related link:

Techinical Tip: SAML SSO - FortiManager/FortiAnalyzer Troubleshooting Options

1888
0 Kudos
Submit Article Idea
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.​

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2023 Fortinet, Inc. All Rights Reserved.