• ramanareddy p
  • 9 Points
  • Member since 2017

  • Chatter
  • 0
    Best Answers
  • 0
    Likes Received
  • 0
    Likes Given
  • 1
  • 5

We are getting SSO Login error as. The timestamp #4 (some times) and Miscellaneous format confirmations error #6 always. Do you have got any resolution for this  ??

User-added image

Last recorded SAML login failure:  2017-11-17T10:29:53.769Z
Unexpected Exceptions
1. Validating the Status
2. Looking for an Authentication Statement
3. Looking for a Conditions statement
4. Checking that the timestamps in the assertion are valid (Sometimes)
  Current time is after notOnOrAfter in Conditions
  Current time is: 2017-11-17T11:26:37.887Z
  Time limit in Conditions, adjusted for skew, is: 2017-11-17T10:36:54.207Z
  Timestamp of the response is outside of allowed time window
  Current time is: 2017-11-17T11:26:37.887Z
  Timestamp is: 2017-11-17T10:28:54.207Z
  Allowed skew in milliseconds is 480000
  Timestamp of the assertion is outside of allowed time window
  Current time is: 2017-11-17T11:26:37.887Z
  Timestamp is: 2017-11-17T10:28:54.207Z
  Allowed skew in milliseconds is 480000

5. Checking that the Attribute namespace matches, if provided
  Not Provided
6. Miscellaneous format confirmations
  InResponseTo must be empty for Idp-init Browser POST Profile

7. Confirming Issuer matches
8. Confirming a Subject Confirmation was provided and contains valid timestamps
9. Checking that the Audience matches
10. Checking the Recipient
  Organization Id that we expected: 00D4D0000008j6x
  Organization Id that we found based on your assertion: 00D4D0000008j6x
11. Validating the Signature
  Is the response signed? false
  Is the assertion signed? true
  Is the correct certificate supplied in the keyinfo? true
12. Checking that the Site URL Attribute contains a valid site url, if provided
  Not Provided
13. Looking for portal and organization id, if provided
14. Checking if session security level is valid, if provided

Thank you.

We are getting SSO Login error as. The timestamp #4 (some times) and Miscellaneous format confirmations error #6 always. Do you have got any resolution for this  ??

User-added image

Last recorded SAML login failure:  2017-11-17T10:29:53.769Z
Unexpected Exceptions
1. Validating the Status
2. Looking for an Authentication Statement
3. Looking for a Conditions statement
4. Checking that the timestamps in the assertion are valid (Sometimes)
  Current time is after notOnOrAfter in Conditions
  Current time is: 2017-11-17T11:26:37.887Z
  Time limit in Conditions, adjusted for skew, is: 2017-11-17T10:36:54.207Z
  Timestamp of the response is outside of allowed time window
  Current time is: 2017-11-17T11:26:37.887Z
  Timestamp is: 2017-11-17T10:28:54.207Z
  Allowed skew in milliseconds is 480000
  Timestamp of the assertion is outside of allowed time window
  Current time is: 2017-11-17T11:26:37.887Z
  Timestamp is: 2017-11-17T10:28:54.207Z
  Allowed skew in milliseconds is 480000

5. Checking that the Attribute namespace matches, if provided
  Not Provided
6. Miscellaneous format confirmations
  InResponseTo must be empty for Idp-init Browser POST Profile

7. Confirming Issuer matches
8. Confirming a Subject Confirmation was provided and contains valid timestamps
9. Checking that the Audience matches
10. Checking the Recipient
  Organization Id that we expected: 00D4D0000008j6x
  Organization Id that we found based on your assertion: 00D4D0000008j6x
11. Validating the Signature
  Is the response signed? false
  Is the assertion signed? true
  Is the correct certificate supplied in the keyinfo? true
12. Checking that the Site URL Attribute contains a valid site url, if provided
  Not Provided
13. Looking for portal and organization id, if provided
14. Checking if session security level is valid, if provided

Thank you.

This is a Single Sign On with Microsoft Azure AD issue.  

I'm setting it up on a sandbox and getting an error when tried to log in.  
Login Error
Your login attempt using single sign-on with an identity provider certificate has failed. Please contact your salesforce.com administrator for more information.

I'm looking at the SSO SAML Validator and see these errors below.  I think #4 can be ignore but #6 may cause an issue.  Do you know how to resolve this issue?

Last recorded SAML login failure:  2015-03-24T21:10:51.428Z
Unexpected Exceptions
1. Validating the Status
2. Looking for an Authentication Statement
3. Looking for a Conditions statement
4. Checking that the timestamps in the assertion are valid
  Current time is after notOnOrAfter in Conditions
  Current time is: 2015-03-24T21:23:53.412Z
  Time limit in Conditions, adjusted for skew, is: 2015-03-24T21:18:51.884Z
  Timestamp of the response is outside of allowed time window
  Current time is: 2015-03-24T21:23:53.412Z
  Timestamp is: 2015-03-24T21:10:51.884Z
  Allowed skew in milliseconds is 480000
  Timestamp of the assertion is outside of allowed time window
  Current time is: 2015-03-24T21:23:53.412Z
  Timestamp is: 2015-03-24T21:10:51.869Z
  Allowed skew in milliseconds is 480000
5. Checking that the Attribute namespace matches, if provided
  Not Provided
6. Miscellaneous format confirmations
  InResponseTo must be empty for Idp-init Browser POST Profile
7. Confirming Issuer matches
8. Confirming a Subject Confirmation was provided and contains valid timestamps
9. Checking that the Audience matches
10. Checking the Recipient
  Organization Id that we expected: 00Dq00000009EyE
  Organization Id that we found based on your assertion: 00Dq00000009EyE
11. Validating the Signature
  Is the response signed? false
  Is the assertion signed? true
  Is the correct certificate supplied in the keyinfo? true
12. Checking that the Site URL Attribute contains a valid site url, if provided
  Not Provided
13. Looking for portal and organization id, if provided
  Not Provided
14. Checking if session security level is valid, if provided

Subject: [[[My User Email]]]
Unable to map the subject to a Salesforce.com user
AssertionId: _6f0bcc79-a407-46db-bf31-b7b5394a2ce3




We're working on an integration with ADFS and followed the document on developerForce to a T. We are getting some strange errors that I'm not sure how to troubleshoot. See below:


10. Checking the Recipient

  Organization Id that we expected: 00DU0000000XXXX

  Organization Id that we found based on your assertion: 00DU0000000XXXX


The OrgIDs above are exact matches. Not sure why this is displaying as an error.


4. Checking that the timestamps in the assertion are valid

  Current time is after notOnOrAfter in Conditions

  Current time is: 2012-02-16T22:00:12.184Z

  Time limit in Conditions, adjusted for skew, is: 2012-02-13T22:50:15.127Z

  Timestamp of the response is outside of allowed time window

  Current time is: 2012-02-16T22:00:12.184Z

  Timestamp is: 2012-02-13T22:42:15.125Z

  Allowed skew in milliseconds is 480000

  Timestamp of the assertion is outside of allowed time window

  Current time is: 2012-02-16T22:00:12.184Z

  Timestamp is: 2012-02-13T22:42:15.045Z

  Allowed skew in milliseconds is 480000


The time on the machine is exactly the same as the time in Salesforce, at least it is on the ActiveDirectory. Where is it getting the time from here?