Console 3.1.1 SAML error: Invalid SAML Response. Please login as admin and verify your IdP fingerprint is correct


When attempting to log in to Console with LDAP credentials, you receive the following error:

Invalid SAML response. Check your SAML Configuration. Error message = 'Current time is earlier than NotBefore condition'. Please login as admin and verify your IdP fingerprint is correct and your certificates have not expired on your IdP.


This occurs even when your IdP is set up correctly and working as expected.

This issue is due to an outdated version of the ruby-saml gem that Console 3.1.1 uses. The next release of Console will include an up to date version of this gem. In the meantime, you can employ the workaround below to upgrade the gem yourself.


1. Download the file attached at the bottom of this article.

2. Unzip the file into the following directory:

  • Linux: /opt/aspera/console/vendor/gems
  • Windows: "C:\Program Files (x86)\Aspera\Management Console\vendor\gems"

3. Open the following file in a text editor:

  • Linux: /opt/aspera/console/config/environment.rb
  • Windows: "C:\Program Files (x86)\Aspera\Management Console\config\environment.rb"

Find the following line:

config.gem 'ruby-saml', :version => '0.7.2'

Change the version to 1.4.2 so it looks like the following:

config.gem 'ruby-saml', :version => '1.4.2'

Save the file.

4. Open the following files in a text editor:

  • Linux: /opt/aspera/console/app/controllers/application_controller.rb and /opt/aspera/console/app/controllers/saml_controller.rb
  • Windows: "C:\Program Files (x86)\Aspera\Management Console\app\controllers\application_controller.rb" and "C:\Program Files (x86)\Aspera\Management Console\app\controllers\saml_controller.rb"

Replace all instances of Onelogin::Saml with OneLogin::RubySaml

5. Restart Console

# asctl console:restart


Powered by Zendesk