Problem
When attempting to log in to Terraform Enterprise using SAML, logins fail with the following error.
An error occurred. Please contact your TFE Administrator for further information. ERROR: Current time is earlier than NotBefore condition (2020-12-10 15:13:37 UTC < 2020-12-10 15:13:37 UTC)
This error occurs if the clocks on the TFE server and the SAML IdP are out of sync.
The ntp utility should be used to keep the time in sync across the Terraform Enterprise host and the IdP servers. You'll need to ask your SAML administrator to check the time settings on the IdP side.
On the Terraform Enterprise host, you can check the current time and date, as well as the NTP synchronization status, by running the timedatectl command as follows.
$ timedatectl
Local time: Thu 2020-12-10 20:29:19 UTC
Universal time: Thu 2020-12-10 20:29:19 UTC
RTC time: Thu 2020-12-10 20:29:19
Time zone: Etc/UTC (UTC, +0000)
Network time on: yes
NTP synchronized: yes
RTC in local TZ: no
- If network time is off or NTP is not synchronized, you can set this up with the following command:
sudo timedatectl set-ntp on
- If ADFS is used as the IdP, also set NotBeforeSkew in ADFS to 1 minute. If NotBeforeSkew is set to 0, even very small time differences, including milliseconds, can cause authentication problems.
For more details: https://www.ibm.com/docs/en/security-verify?topic=mad-troubleshooting
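The error above prints both timestamps at one-second resolution, so a sub-second offset shows up as two identical values. The following added example (not HashiCorp or ADFS code) evaluates an assertion's Conditions against a host clock to show this. The assertion, the clock value and the function names are constructed for illustration, and NotBeforeSkew is modeled as the IdP backdating NotBefore by that amount.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: an assertion reduced to its Conditions element. The IdP
# stamps NotBefore with milliseconds, which the error message does not show.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Conditions NotBefore="2020-12-10T15:13:37.412Z"
                   NotOnOrAfter="2020-12-10T16:13:37.412Z"/>
</saml:Assertion>"""


def parse_saml_time(value):
    """Parse a UTC xs:dateTime ("...Z"), with or without fractional seconds."""
    base, _, frac = value.rstrip("Z").partition(".")
    stamp = datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)
    return stamp + timedelta(microseconds=int((frac + "000000")[:6]))


def check_conditions(assertion_xml, sp_now, not_before_skew=timedelta(0)):
    """Evaluate the validity window as the service provider sees it at sp_now.

    not_before_skew models the IdP backdating NotBefore by that amount.
    Returns (status, gap): status is "ok", "not_yet_valid" or "expired";
    gap is the distance from sp_now to the violated bound (zero when ok).
    """
    cond = ET.fromstring(assertion_xml).find(".//saml:Conditions", NS)
    if cond is None:
        raise ValueError("assertion has no Conditions element")
    not_before = parse_saml_time(cond.get("NotBefore")) - not_before_skew
    not_on_or_after = parse_saml_time(cond.get("NotOnOrAfter"))
    if sp_now < not_before:
        return "not_yet_valid", not_before - sp_now
    if sp_now >= not_on_or_after:
        return "expired", sp_now - not_on_or_after
    return "ok", timedelta(0)


if __name__ == "__main__":
    # Constructed host clock, 300 ms behind the IdP: same second, earlier instant.
    sp_now = datetime(2020, 12, 10, 15, 13, 37, 112000, tzinfo=timezone.utc)
    for skew in (timedelta(0), timedelta(minutes=1)):
        status, gap = check_conditions(SAMPLE_ASSERTION, sp_now, skew)
        print(f"NotBeforeSkew={skew}: {status} (gap {gap.total_seconds():.3f}s)")
```

The gap reported for a rejected assertion is the minimum clock correction, or backdating on the IdP side, needed for the login to pass.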