Checking the Validation Results for the SAMLResponse

Article Number:020451

When the validation results for the SAMLResponse have failed, try the following solutions based on the validation results:

When the current time falls within the period specified with the NotBefore and NotOnOrAfter attributes of the Conditions element

The system time for IdP and Kintone might be different. Configure the IdP so that the system time is set correctly.

When the InResponseTo attribute of the SubjectConfirmationData element matches the AuthnRequest ID

A user might have tried to single sign-on from multiple tabs in one Web browser. Check whether the error still occurs when a user logs in from just one tab.

When the Audience element is correct

An invalid entity ID might have been set when you registered Kintone as an SP. The entity ID of the SP must be set to the following value: https://(subdomain_name)

When at least one of the signatures in Assertion or Response elements exists and also all entered signatures are valid

The public key certificate might be invalid.
Attach a valid certificate in the "Certificate" section on the "Login Security" screen in "Administration". The certificate must be an X.509 certificate generated with either the RSA or DSA algorithm.