Reset Search



KB21687 - Invalid SAML assertion

« Go Back


Last Modified Date7/22/2017 10:32 PM
This article describes an issue where end users receive the message "FAILURE: invalid assertion" when attempting to login to the Pulse Connect Secure device.
Problem or Goal

Scenario 1: Time Sync issue

In the event log, the following message will appear:
minor - System()[] - Assertion for SAML Auth Server '5' has expired; NotOnOrAfter earlier than or equal to current time (minus allowed skew) 
'2011-05-04T21:04:42Z'; You can adjust the allowed clock skew for the SAML Auth Server to compensate; Assertion '2011-05-04T21:04:42Z'"
Please make sure that the time is in sync between the SAML server and the PCS device.

Scenario 2:  Certificate issue

SAML Response received by PCS device is signed, however the signing certificate is not uploaded on the PCS device.

From the SAML Auth server, under Response Signing Certificate field, upload the appropriate certificate.
Related Links
Attachment 1 
Created ByData Deployment



Was this article helpful?



Please tell us how we can make this article more useful.

Characters Remaining: 255