In the end of the SAML authentication process, the user gets one of the following error messages:
SAML-message with NotBefore XXX is not valid yet
SAML-message with NotOnOrAfter XXX is no longer valid
This issue occurs if there is a difference between the clock on the Identity Provider and the application (Jira/Confluence/Bitbucket/Bamboo). Mostly this issues happen after application updates or migration processes, by which the clock times of your systems get mixed up.
To fix this issue quickly: Disable the Enforce response validity dates function (Service Provider section -> under Security).
To solve the main issue:
Try to adjust the Atlassian application and Identity Provider time clocks so they get synchronized. To edit the system time for Atlassian applications, the java timezone needs to be adjusted: Setting-the-timezone-for-the-java-environment. For changing the time of the Identity Provider, please check the Identity Provider's documentations.
If changing the system times didn't solve the issue, try to increase the Time Skew (Seconds) field (Service Provider section -> under Security) higher then 60 seconds (recommended values: 120 up to 180 seconds). To find an appropriate value, please get in contact with our support and attach an authentication tracker of the failed authentication.