Self Hosted Redash Okta SAML login failed. Please try again later

I configured OKTA SAML in Redash. But when I click on SAML Login button I’m redirected back with this error SAML login failed. Please try again later.
I found these in logs

server_1 | [2020-11-13 12:42:17,400][PID:14][INFO][saml2.entity] HTTP REDIRECT
server_1 | [2020-11-13 12:42:17,404][PID:14][INFO][metrics] method=GET path=/saml/login endpoint=saml_auth_sp_initiated status=302 content_type=text/html; charset=utf-8 content_length=1515 duration=2452.69 query_count=1 query_duration=7.59
server_1 | [2020-11-13 12:42:17,418][PID:14][INFO][werkzeug] 10.0.2.2 - - [13/Nov/2020 12:42:17] “GET /saml/login?next=%2F HTTP/1.1” 302 -
server_1 | [2020-11-13 12:42:22,572][PID:14][INFO][saml2.response] status: <ns0:Status xmlns:ns0=“urn:oasis:names:tc:SAML:2.0:protocol”><ns0:StatusCode Value=“urn:oasis:names:tc:SAML:2.0:status:Success” /></ns0:Status>
server_1 | [2020-11-13 12:42:22,661][PID:14][ERROR][saml2.response] Exception on conditions: Can’t use response yet: (now=2020-11-13T12:42:22Z + slack=0) <= notbefore=2020-11-13T12:48:47.290Z
server_1 | [2020-11-13 12:42:22,662][PID:14][ERROR][saml2.client_base] XML parse error: Can’t use response yet: (now=2020-11-13T12:42:22Z + slack=0) <= notbefore=2020-11-13T12:48:47.290Z
server_1 | [2020-11-13 12:42:22,663][PID:14][ERROR][saml_auth] Failed to parse SAML response
server_1 | Traceback (most recent call last):
server_1 | File “/app/redash/authentication/saml_auth.py”, line 108, in idp_initiated
server_1 | request.form[“SAMLResponse”], entity.BINDING_HTTP_POST
server_1 | File “/usr/local/lib/python3.7/site-packages/saml2/client_base.py”, line 711, in parse_authn_request_response
server_1 | binding, **kwargs)
server_1 | File “/usr/local/lib/python3.7/site-packages/saml2/entity.py”, line 1195, in _parse_response
server_1 | response = response.verify(keys)
server_1 | File “/usr/local/lib/python3.7/site-packages/saml2/response.py”, line 1049, in verify
server_1 | if self.parse_assertion(keys):
server_1 | File “/usr/local/lib/python3.7/site-packages/saml2/response.py”, line 935, in parse_assertion
server_1 | if not self._assertion(assertion, False):
server_1 | File “/usr/local/lib/python3.7/site-packages/saml2/response.py”, line 815, in _assertion
server_1 | if not self.condition_ok():
server_1 | File “/usr/local/lib/python3.7/site-packages/saml2/response.py”, line 604, in condition_ok
server_1 | validate_before(conditions.not_before, self.timeslack)
server_1 | File “/usr/local/lib/python3.7/site-packages/saml2/validate.py”, line 113, in validate_before
server_1 | “<= notbefore=%s” % (now_str, slack, not_before))
server_1 | saml2.validate.ToEarly: Can’t use response yet: (now=2020-11-13T12:42:22Z + slack=0) <= notbefore=2020-11-13T12:48:47.290Z
server_1 | [2020-11-13 12:42:22,675][PID:14][INFO][metrics] method=POST path=/saml/callback endpoint=saml_auth_idp_initiated status=302 content_type=text/html; charset=utf-8 content_length=219 duration=3190.59 query_count=1 query_duration=6.73
server_1 | [2020-11-13 12:42:22,710][PID:14][INFO][werkzeug] 10.0.2.2 - - [13/Nov/2020 12:42:22] “POST /saml/callback?org_slug=default HTTP/1.1” 302 -
server_1 | [2020-11-13 12:42:22,757][PID:14][INFO][metrics] method=GET path=/login endpoint=redash_login status=200 content_type=text/html; charset=utf-8 content_length=2198 duration=14.06 query_count=1 query_duration=4.20

image757×342 13.7 KB

image756×590 33.6 KB

This is happening because there is a clock disagreement between Okta and your instance of Redash. When the clocks aren’t synchronized, the two servers can’t agree the answer to the question: “What time is it?” And when this happens, authentication fails. Try setting the system time on your Redash server using an NTP server. Or just manually set it and see if that helps.

Thanks I will try that out