Skip to main content

Authentication Statement is Too Old to be Used Error Occurs During SSO Login When Engine Configured in Data Control Tower (formerly Central Management) (KBA6966)




KBA# 6966



Engines configured in Data Control Tower (DCT), formerly Central Management, are defaulted to SSO authentication, which is handled using Delphix IDP as an intermediary (SP broker).  In the process of accessing an Engine configured in DCT, the following error may be encountered (date and times indicated will vary based on when the issue is observed):

Bad Request 
Validation Errors: 1. Authentication statement is too old to be used with value: '2021-01-21T14:05:50.227Z' current time: '2021-01-21T18:10:11.006Z'

In this condition, the user will not be able to directly access the Engines, though the interface will continue to function as expected.


- The Engine is configured in Data Control Tower.

- The user in question has been frequently active in Data Control Tower (

Applicable Delphix Versions

Click here to view the versions of the Delphix engine to which this article applies
Major Release All Sub Releases



The behavior discussed here ultimately occurs as a result of the frequency of user activity.  In the Delphix IdP, a session timeout of 4 hours is configured, which is expected to accommodate the majority of use cases.  When this session timeout expires, the user is required to login to again which creates a new authentication statement and session time.

If a given user is continually active in DCT and the 4-hour session timeout never lapses, the current clock time vs. session start time will exceed four hours, and the error will be encountered.  

If encountered, this issue can be resolved by explicitly logging out of Data Control Tower by clicking the username in upper right-hand corner, then selecting Sign Out.





Related Articles

The following articles may provide more information or related information to this article: