Checking the Validation Results for the SAMLResponse
When the validation results for the SAMLResponse have failed, try the following solutions based on the validation results:
When the current time falls within the period specified with the NotBefore and NotOnOrAfter attributes of the Conditions element
The system time for IdP and Kintone might be different. Configure the IdP so that the system time is set correctly.
When the InResponseTo attribute of the SubjectConfirmationData element matches the AuthnRequest ID
A user might have tried to single sign-on from multiple tabs in one Web browser. Check whether the error still occurs when a user logs in from just one tab.
When the Audience element is correct
An invalid entity ID might have been set when you registered Kintone as an SP. The entity ID of the SP must be set to the following value: https://(subdomain_name).kintone.com
When at least one of the signatures in Assertion or Response elements exists and also all entered signatures are valid
The public key certificate might be invalid.
Attach a valid certificate in the "Certificate" section on the "Login Security" screen in "Kintone Users & System Administration". The certificate must be an X.509 certificate generated with either the RSA or DSA algorithm.