Article Id 212967



This article describes how to troubleshoot a SAML login that fails with an invalid response error.



1) The FortiManager/FortiAnalyzer GUI may return the following error after SAML user authentication:


invalid_response: Could not validate timestamp: not yet valid. Check system clock.


2) Verify the NTP status.


FMG01 # diagnose system ntp status

MS Name/IP address         Stratum Poll Reach LastRx Last sample


^*                 2        10   377   412    -50us[  +61us] +/-  101ms


3) If no NTP server information is returned, verify connectivity to the NTP server and the DNS server.


FMG01 # diag system ntp status
No information for NTP server


4) Verify the system time.


FMG01 # execute time

current time is: 10:14:11


FMG01 # execute date

current date is: 05/16/2022


5) Manually modify the date/time if required.


FMG01 # execute time 11:14:11


FMG01 # execute date 05/17/2022


6) If the issue persists, gather a SAML trace and contact Fortinet TAC.
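
The following is an added example, not Fortinet code: a small Python check that compares a device clock with the validity window in a SAML assertion, which is the comparison behind a "not yet valid" result. It assumes the window is carried in the standard SAML Conditions attributes NotBefore and NotOnOrAfter; the sample assertion, the clock readings, and the names check_window, parse_ts and allowed_skew_s are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample (not taken from a real trace): the validity window an
# IdP puts in an assertion. Timestamps in SAML are always UTC.
SAMPLE_ASSERTION = """<saml:Assertion
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed" Version="2.0" IssueInstant="2022-05-17T11:14:05Z">
  <saml:Conditions NotBefore="2022-05-17T11:14:05Z"
                   NotOnOrAfter="2022-05-17T11:19:05Z"/>
</saml:Assertion>"""


def parse_ts(value):
    """Parse a SAML UTC timestamp, ignoring any fractional seconds."""
    whole = value.rstrip("Z").split(".")[0]
    return datetime.strptime(whole, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


def check_window(assertion_xml, device_utc, allowed_skew_s=0):
    """Compare the device clock (UTC) with the assertion's Conditions window.

    Diagnostic only: the signature is not verified. Returns (verdict, seconds),
    where seconds is how far the clock is outside the window.
    """
    cond = ET.fromstring(assertion_xml).find(".//saml:Conditions", NS)
    if cond is None:
        return ("no_conditions", 0)
    skew = timedelta(seconds=allowed_skew_s)
    not_before, not_after = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if not_before and device_utc + skew < parse_ts(not_before):
        return ("not_yet_valid", int((parse_ts(not_before) - device_utc).total_seconds()))
    if not_after and device_utc - skew >= parse_ts(not_after):
        return ("expired", int((device_utc - parse_ts(not_after)).total_seconds()))
    return ("valid", 0)


if __name__ == "__main__":
    # Constructed clock readings, assumed already converted to UTC.
    for label, clock in [
        ("clock one day slow", datetime(2022, 5, 16, 10, 14, 11, tzinfo=timezone.utc)),
        ("clock corrected", datetime(2022, 5, 17, 11, 14, 11, tzinfo=timezone.utc)),
    ]:
        print(label, "->", check_window(SAMPLE_ASSERTION, clock))
```

Convert the device's local time to UTC before comparing it with the assertion timestamps, since a wrong timezone setting produces the same symptom as a wrong clock.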


Related link:

Technical Tip: SAML SSO - FortiManager/FortiAnalyzer Troubleshooting Options