There could be a mismatch between what is sent by the IdP and what is expected by the SP. This could be a simple case where the FQDN described in the metadata file contains upper-case characters and the assertion contains only lower-case characters. Changing the case so that it is consistent throughout should help to resolve this problem.
File "/usr/lib/python2.6/site-packages/saml2/validate.py", line 97, in validate_before raise Exception("Can't use it yet %d <= %d" % (nbefore, now)) Exception: Can't use it yet 1422811221 <= 1422811211
There is a mismatch in the clocks of ADFS and the Carbon Black Enterprise Server. Synchronizing the clocks should help resolve this problem.
It is possible that there is a problem with the signature of the SAML assertion. This could be resolved by ensuring that both the IdP and SP metadata files accurately reflect the configuration of the IdP and SP. Solving this error may involve retrieving a new IdP metadata file from https://<FQDN-of-ADFS>/FederationMetadata/2007-06/FederationMetadata.xml and a new SP metadata file by running the following command:
It is possible that the SAML assertion contains characters that the Carbon Black Enterprise Server interpreted as a cross-site request forgery. This is a known issue, which does not affect the SSO functionality. Upgrade to the latest version of Cb Response.