Products | Versions |
---|---|
ibi WebFOCUS | WebFOCUS version 82 to 92x |
Users logging in with SAML and SSO receive a 401 Unauthorized error.
Websecurity.log:
WARN [https-jsse-nio-9443-exec-2:security] :unknown: - [Zone: main]Exception
org.opensaml.common.SAMLException: Response doesn't have any valid assertion which would pass subject validation
Caused by: org.springframework.security.authentication.CredentialsExpiredException: Authentication statement is too old to be used with value 2024-01-24T18:17:07.490Z
You can force re-authentication by selecting the check box (Identity Provider (IdP) this should Force Re-authentication of the User) in the SAML configuration on the "Identity Provider (IdP) Metadata" page. The setting can be confirmed in securitysettings.xml:
<property name="idPForceAuthn" value="true"/>
You can disable this setting; however, be aware that WebFOCUS could complain about "Assertion is too old" if the user authenticated more than 2 hours ago.
https://docs.spring.io/spring-security-saml/docs/current/reference/html/configuration-advanced.html#time-interval
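To check whether a captured SAML response would run into the age limit described above, the following added example (not part of the original article and not ibi or Spring code) decodes a base64 SAMLResponse and compares each AuthnInstant with the 2-hour limit. The function names, the constructed sample response and the omission of any clock-skew allowance are assumptions.

```python
import base64
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

AUTHN_STATEMENT = "{urn:oasis:names:tc:SAML:2.0:assertion}AuthnStatement"
MAX_AUTH_AGE = timedelta(hours=2)  # the 2-hour limit the article mentions


def parse_instant(value):
    """Parse a SAML UTC timestamp such as 2024-01-24T18:17:07.490Z."""
    for fmt in ("%Y-%m-%dT%H:%M:%S.%fZ", "%Y-%m-%dT%H:%M:%SZ"):
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError(f"unsupported AuthnInstant format: {value!r}")


def authn_ages(saml_response_b64, now):
    """Return [(AuthnInstant, age, too_old)] for every AuthnStatement found.

    An empty list means no readable AuthnStatement, for example because the
    IdP sent an EncryptedAssertion. Intended for a response captured from
    your own login; parse untrusted XML with a hardened parser (defusedxml).
    """
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    results = []
    for stmt in root.iter(AUTHN_STATEMENT):
        instant = parse_instant(stmt.attrib["AuthnInstant"])
        age = now - instant
        results.append((instant, age, age > MAX_AUTH_AGE))
    return results


# Constructed sample: minimal response reusing the AuthnInstant from the log.
SAMPLE_XML = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
    '<saml:Assertion><saml:AuthnStatement '
    'AuthnInstant="2024-01-24T18:17:07.490Z"/></saml:Assertion>'
    '</samlp:Response>'
)
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()

if __name__ == "__main__":
    received = datetime(2024, 1, 24, 21, 0, 0, tzinfo=timezone.utc)  # constructed
    for instant, age, too_old in authn_ages(SAMPLE_B64, received):
        verdict = "too old, expect 401" if too_old else "within limit"
        print(f"AuthnInstant={instant.isoformat()} age={age} -> {verdict}")
```

An AuthnInstant well before the login attempt means the IdP reused an existing session, which is the case forced re-authentication avoids.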