SSO/SAML login fails with "Received invalid SAML response: Timing issues (please check your clock settings)"
Platform Notice: Server and Data Center Only - This article only applies to Atlassian products on the server and data center platforms.
Users are unable to login via SSO.
The application logs show:
2021-05-31 09:42:54,405+0200 http-nio-8080-exec-18 ERROR anonymous 582x862402x1 ci3y7s 172.26.82.75,172.26.10.3 /plugins/servlet/samlconsumer [c.a.p.a.i.web.filter.Erro rHandlingFilter] Received invalid SAML response: Timing issues (please check your clock settings) com.atlassian.plugins.authentication.impl.web.saml.provider.InvalidSamlResponse: Received invalid SAML response: Timing issues (please check your clock settings)
The error is self-explanatory and points to clock synchronization issues between the IdP and the SP (the Atlassian product).
- If logins to multiple SPs are impacted the issue most likely lies with the clock of the IdP server.
- If only logins to the Atlassian product are failing, the clock needs to be fixed on the product server.
- System clocks are usually kept in sync via NTP (Network Time Protocol). Infrastructure admins need to make NTP is syncing and the time delta is negligible.