CB Response: Cannot Login to Response Instance Using SSO

Article ID: 287394

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

  • Unable to log in through SSO; the login attempt fails with 'invalid credentials'.
  • The following error is found in /var/log/cb/coreservices/debug.log:
2020-03-26 20:46:48 [29089] <err> cb.flask.blueprints.api_routes_saml - SSO assertion auth failure
Traceback (most recent call last):
File "/usr/share/cb/virtualenv/lib/python2.7/site-packages/cb/flask/blueprints/api_routes_saml.py", line 544, in saml_assertion
File "/usr/share/cb/virtualenv/lib/python2.7/site-packages/cb/flask/blueprints/api_routes_saml.py", line 187, in handle_assertion
File "/usr/share/cb/virtualenv/lib/python2.7/site-packages/saml2/client_base.py", line 702, in parse_authn_request_response
binding, **kwargs)
File "/usr/share/cb/virtualenv/lib/python2.7/site-packages/saml2/entity.py", line 1172, in _parse_response
response = response.verify(keys)
File "/usr/share/cb/virtualenv/lib/python2.7/site-packages/saml2/response.py", line 1020, in verify
if self.parse_assertion(keys):
File "/usr/share/cb/virtualenv/lib/python2.7/site-packages/saml2/response.py", line 932, in parse_assertion
if not self._assertion(assertion, False):
File "/usr/share/cb/virtualenv/lib/python2.7/site-packages/saml2/response.py", line 805, in _assertion
if not self.condition_ok():
File "/usr/share/cb/virtualenv/lib/python2.7/site-packages/saml2/response.py", line 593, in condition_ok
validate_before(conditions.not_before, self.timeslack)
File "/usr/share/cb/virtualenv/lib/python2.7/site-packages/saml2/validate.py", line 110, in validate_before
"<= notbefore=%s" % (now_str, slack, not_before))

ToEarly: Can't use response yet: (now=2020-03-26T20:46:48Z + slack=600) <= notbefore=2020-03-26T20:58:23.793Z

 

Environment

  • CB Response Server: All Supported Versions

Cause

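  • The date/time is not aligned between the server, workstation, and/or domain controller. As the ToEarly error shows, the SAML assertion's NotBefore time is still in the future from the server's point of view, even after the 600-second slack is added.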

Resolution

  • Ensure that the clocks on the Response Server, DC and client workstation(s) are within 600 seconds of each other.
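
To measure how far apart the clocks were when a login failed, the ToEarly line in debug.log can be parsed for the server time, the slack and the assertion's NotBefore value. The script below is an added example, not part of the original article or of the product; its function names are hypothetical and its built-in sample is the ToEarly line quoted above.

```python
import re
import sys
from datetime import datetime

# Sample input: the ToEarly line quoted in the article's debug.log excerpt.
SAMPLE = ("ToEarly: Can't use response yet: "
          "(now=2020-03-26T20:46:48Z + slack=600) "
          "<= notbefore=2020-03-26T20:58:23.793Z")

TOEARLY_RE = re.compile(
    r"ToEarly: .*?\(now=(?P<now>\S+) \+ slack=(?P<slack>\d+)\)"
    r" <= notbefore=(?P<not_before>\S+)")


def parse_utc(value):
    """Parse a 'Z'-suffixed UTC timestamp, with or without fractional seconds."""
    for fmt in ("%Y-%m-%dT%H:%M:%S.%fZ", "%Y-%m-%dT%H:%M:%SZ"):
        try:
            return datetime.strptime(value, fmt)
        except ValueError:
            pass
    raise ValueError("unrecognised timestamp: %r" % value)


def analyse_toearly(line):
    """Return clock-gap details for a ToEarly log line, or None if not one."""
    m = TOEARLY_RE.search(line)
    if m is None:
        return None
    slack = int(m.group("slack"))
    # Gap between the assertion's NotBefore and the server clock at login time.
    gap = (parse_utc(m.group("not_before"))
           - parse_utc(m.group("now"))).total_seconds()
    return {"server_now": m.group("now"), "not_before": m.group("not_before"),
            "slack": slack, "gap_seconds": gap, "over_slack_seconds": gap - slack}


def scan(lines):
    """Analyse every ToEarly line in an iterable of log lines."""
    return [r for r in (analyse_toearly(l) for l in lines) if r is not None]


if __name__ == "__main__":
    # Usage: python toearly_gap.py /var/log/cb/coreservices/debug.log
    lines = open(sys.argv[1]) if len(sys.argv) > 1 else [SAMPLE]
    for r in scan(lines):
        print("%(server_now)s: NotBefore is %(gap_seconds).3f s ahead of the "
              "server clock, %(over_slack_seconds).3f s beyond the "
              "%(slack)d s slack" % r)
```

A gap larger than the slack means the server clock is behind the system that issued the assertion, or that system's clock is ahead; the log line alone does not say which side is wrong.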