400 Bad Request with mod_auth_mellon and SAML

Hi Team,

We are getting a 400 Bad Request error after Single Sign On using SAML authentication with mod_auth_mellon. We referred to the following for the auth process: SAML Authentication with Active Directory Federated Services (ADFS) and mod_auth_mellon — Open OnDemand 4.0.0 documentation.

The SAML configuration is properly configured and the mellon config and metadata are okay; however, we are getting the below error in the logs (checked the NTP and clock sync already). Can you please provide any suggestion we can try, or a way to debug more to see what’s causing this?

ERROR_SSL.log

[Mon Jun 09 14:54:20.602950 2025] [auth_mellon:error] [pid xxxx:tid xxxxx] [client 1x.1xx.2xx.21:459xx] NotOnOrAfter in SubjectConfirmationData was in the past., referer: https://federation.xxx.com/

Thank you! Any help is appreciated.

I’m not sure there’s much to do with OOD here unfortunately. The error itself is from Apache, not OOD, and deals with the mod_auth_mellon Apache module, which is not part of the OOD stack.

Googling on the error returns results only pointing to the NTP clock and issues around that, which triggers the assertion being rejected because notOnOrAfter attribute is old (I think, I’m not a SAML expert). I know you’ve already said NTP has been checked, but something sure seems off with time here given the log entry.

Maybe someone else has had this issue with SAML and can chime in though.
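A small diagnostic for the check that the log line above reports, added here as an example and not part of either post or of mod_auth_mellon itself: it parses the time conditions of a constructed SAML assertion and reports how many seconds the receiver's clock is past each one, with an optional skew allowance, so a drifted clock shows up as a concrete delta. The sample assertion, hostnames, timestamps and the `diagnose` helper are all assumptions.

```python
from datetime import datetime, timedelta
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (not a real ADFS response): a five-minute bearer
# window whose NotOnOrAfter matches the timestamp in the thread's log line.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_example" IssueInstant="2025-06-09T14:49:20Z" Version="2.0">
  <saml:Issuer>https://federation.example/adfs/services/trust</saml:Issuer>
  <saml:Subject>
    <saml:NameID>user@example</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData NotOnOrAfter="2025-06-09T14:54:20Z"
          Recipient="https://ondemand.example/mellon/postResponse"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions NotBefore="2025-06-09T14:49:20Z" NotOnOrAfter="2025-06-09T15:49:20Z"/>
</saml:Assertion>"""

def parse_saml_time(value: str) -> datetime:
    """xsd:dateTime as SAML uses it: UTC with a trailing Z, optional fraction."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def check_time_conditions(xml_text: str, now: datetime, skew: timedelta) -> dict:
    """Map 'Element.Attribute' to how far past it the receiver clock is, and
    whether it still passes when the given skew allowance is applied."""
    root = ET.fromstring(xml_text)
    checks = [("saml:Conditions", "NotBefore"),
              ("saml:Conditions", "NotOnOrAfter"),
              ("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData",
               "NotOnOrAfter")]
    findings = {}
    for path, attr in checks:
        for elem in root.findall(path, NS):
            raw = elem.get(attr)
            if raw is None:
                continue
            ts = parse_saml_time(raw)
            # NotBefore is an inclusive lower bound, NotOnOrAfter an exclusive upper bound.
            ok = now >= ts - skew if attr == "NotBefore" else now < ts + skew
            name = elem.tag.split("}")[1] + "." + attr
            findings[name] = {"seconds_past": (now - ts).total_seconds(), "ok": ok}
    return findings

def diagnose(now_iso: str, skew_seconds: float = 0.0) -> dict:
    """Run the checks against the sample with the receiver's clock given as ISO text."""
    return check_time_conditions(SAMPLE_ASSERTION, parse_saml_time(now_iso),
                                 timedelta(seconds=skew_seconds))

if __name__ == "__main__":
    for name, result in diagnose("2025-06-09T14:54:20.602950Z").items():
        print(f"{name}: {result['seconds_past']:+.3f}s past, ok={result['ok']}")
```

Run with the timestamp from the rejected request: a bound that is only a fraction of a second in the past points at an assertion used right at its expiry or a small clock offset, while a bound that is minutes past points at real drift on one side.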