I configured OKTA SAML in Redash. But when I click on the SAML Login button, I’m redirected back with this error: “SAML login failed. Please try again later.”
I found these in the logs:
server_1 | [2020-11-13 12:42:17,400][PID:14][INFO][saml2.entity] HTTP REDIRECT
server_1 | [2020-11-13 12:42:17,404][PID:14][INFO][metrics] method=GET path=/saml/login endpoint=saml_auth_sp_initiated status=302 content_type=text/html; charset=utf-8 content_length=1515 duration=2452.69 query_count=1 query_duration=7.59
server_1 | [2020-11-13 12:42:17,418][PID:14][INFO][werkzeug] 10.0.2.2 - - [13/Nov/2020 12:42:17] “GET /saml/login?next=%2F HTTP/1.1” 302 -
server_1 | [2020-11-13 12:42:22,572][PID:14][INFO][saml2.response] status: <ns0:Status xmlns:ns0=“urn:oasis:names:tc:SAML:2.0:protocol”><ns0:StatusCode Value=“urn:oasis:names:tc:SAML:2.0:status:Success” /></ns0:Status>
server_1 | [2020-11-13 12:42:22,661][PID:14][ERROR][saml2.response] Exception on conditions: Can’t use response yet: (now=2020-11-13T12:42:22Z + slack=0) <= notbefore=2020-11-13T12:48:47.290Z
server_1 | [2020-11-13 12:42:22,662][PID:14][ERROR][saml2.client_base] XML parse error: Can’t use response yet: (now=2020-11-13T12:42:22Z + slack=0) <= notbefore=2020-11-13T12:48:47.290Z
server_1 | [2020-11-13 12:42:22,663][PID:14][ERROR][saml_auth] Failed to parse SAML response
server_1 | Traceback (most recent call last):
server_1 | File “/app/redash/authentication/saml_auth.py”, line 108, in idp_initiated
server_1 | request.form[“SAMLResponse”], entity.BINDING_HTTP_POST
server_1 | File “/usr/local/lib/python3.7/site-packages/saml2/client_base.py”, line 711, in parse_authn_request_response
server_1 | binding, **kwargs)
server_1 | File “/usr/local/lib/python3.7/site-packages/saml2/entity.py”, line 1195, in _parse_response
server_1 | response = response.verify(keys)
server_1 | File “/usr/local/lib/python3.7/site-packages/saml2/response.py”, line 1049, in verify
server_1 | if self.parse_assertion(keys):
server_1 | File “/usr/local/lib/python3.7/site-packages/saml2/response.py”, line 935, in parse_assertion
server_1 | if not self._assertion(assertion, False):
server_1 | File “/usr/local/lib/python3.7/site-packages/saml2/response.py”, line 815, in _assertion
server_1 | if not self.condition_ok():
server_1 | File “/usr/local/lib/python3.7/site-packages/saml2/response.py”, line 604, in condition_ok
server_1 | validate_before(conditions.not_before, self.timeslack)
server_1 | File “/usr/local/lib/python3.7/site-packages/saml2/validate.py”, line 113, in validate_before
server_1 | “<= notbefore=%s” % (now_str, slack, not_before))
server_1 | saml2.validate.ToEarly: Can’t use response yet: (now=2020-11-13T12:42:22Z + slack=0) <= notbefore=2020-11-13T12:48:47.290Z
server_1 | [2020-11-13 12:42:22,675][PID:14][INFO][metrics] method=POST path=/saml/callback endpoint=saml_auth_idp_initiated status=302 content_type=text/html; charset=utf-8 content_length=219 duration=3190.59 query_count=1 query_duration=6.73
server_1 | [2020-11-13 12:42:22,710][PID:14][INFO][werkzeug] 10.0.2.2 - - [13/Nov/2020 12:42:22] “POST /saml/callback?org_slug=default HTTP/1.1” 302 -
server_1 | [2020-11-13 12:42:22,757][PID:14][INFO][metrics] method=GET path=/login endpoint=redash_login status=200 content_type=text/html; charset=utf-8 content_length=2198 duration=14.06 query_count=1 query_duration=4.20
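
The `ToEarly` error in the log above is the assertion's `NotBefore` condition being checked against the server clock with zero slack. The following is an added example, not part of the original post and not pysaml2's own code: it parses that message and reports how far apart the two timestamps are. The function names and the regular expression are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample: the message text from the log above, with a straight apostrophe.
SAMPLE = ("Can't use response yet: (now=2020-11-13T12:42:22Z + slack=0) "
          "<= notbefore=2020-11-13T12:48:47.290Z")

# Matches the "(now=... + slack=N) <= notbefore=..." part of the message.
PATTERN = re.compile(
    r"now=(?P<now>\S+) \+ slack=(?P<slack>\d+)\) <= notbefore=(?P<nb>\S+)")


def parse_ts(value):
    """Parse a UTC xs:dateTime, with or without fractional seconds."""
    fmt = "%Y-%m-%dT%H:%M:%S.%fZ" if "." in value else "%Y-%m-%dT%H:%M:%SZ"
    return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)


def not_before_ok(now, not_before, slack_seconds=0):
    """Mirror the logged comparison: reject while now + slack <= NotBefore."""
    return now + timedelta(seconds=slack_seconds) > not_before


def diagnose(line):
    """Return the timestamps and the remaining gap in seconds, or None if no match."""
    m = PATTERN.search(line)
    if m is None:
        return None
    now, not_before = parse_ts(m["now"]), parse_ts(m["nb"])
    slack = int(m["slack"])
    return {
        "now": now,
        "not_before": not_before,
        "slack": slack,
        # Seconds by which NotBefore is still ahead of (now + slack).
        "gap_seconds": (not_before - now).total_seconds() - slack,
        "accepted": not_before_ok(now, not_before, slack),
    }


if __name__ == "__main__":
    result = diagnose(SAMPLE)
    print("accepted:", result["accepted"])
    print("NotBefore is ahead of the server clock by %.2f s" % result["gap_seconds"])
```

A gap of several minutes, as in this log, means the server's clock and the identity provider's clock disagree by at least that much; correcting time synchronisation on the host removes the error without widening the window in which an assertion is accepted.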