diff --git a/management/univention-management-console-frontend/univention-management-console-web-server b/management/univention-management-console-frontend/univention-management-console-web-server
index e341609..f76a42c 100755
--- a/management/univention-management-console-frontend/univention-management-console-web-server
+++ b/management/univention-management-console-frontend/univention-management-console-web-server
@@ -603,6 +603,10 @@ class SamlError(UMC_HTTPError):
 def multiple_identity_provider(self, idps, idp_query_param):
 return self._('Could not pick an identity provider. You can specify one via the query string parameter %r from %r') % (idp_query_param, idps)
+ @error(status=500)
+ def time_sync_error(self):
+ return self._('The SAML message could not be verified. This is most likely a problem in the date settings of this server. Please inform an Administrator to resync the server clock.')
+
 class Ressource(object):
@@ -1275,6 +1279,13 @@ class SAML(Ressource):
 response = self.sp.parse_authn_request_response(message, binding, self.outstanding_queries)
 except (UnknownPrincipal, UnsupportedBinding, VerificationError, UnsolicitedResponse, StatusError, MissingKey, SignatureError):
 raise SamlError().from_exception(*sys.exc_info())
+ except AssertionError as exc:
+ tb = sys.exc_info()[2]
+ while tb.tb_next:
+ tb = tb.tb_next
+ if tb.tb_frame.f_code.co_name != '_verify':
+ raise
+ raise SamlError().time_sync_error()
 if response is None:
 raise SamlError().unparsed_saml_response()
 return response
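Review bot: The message returned by `time_sync_error` states a diagnosis, wrong date settings on this server, that the caller in the second hunk only infers from an AssertionError; clock skew on the identity provider's side would presumably reach the same path. A wording such as `This is most likely caused by differing clock settings between this server and the identity provider.` would avoid sending administrators to the wrong machine. The method also has no comment saying when it is raised; something like `# raised when response verification in the SAML library fails an assertion (presumably the issue-instant check)` would help the next reader.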
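Review bot: The new `except AssertionError` branch decides that a failure is a clock problem solely because the innermost traceback frame is named `_verify`, which ties the handler to a private function name inside the SAML library and treats any assertion in any function of that name as time skew. A response rejected there for another reason (for example a stale or replayed message, if the library checks that in the same function) would be shown to the user as a date-settings problem, and the original exception is dropped without being logged, so operators cannot tell the cases apart. Log the original traceback before `raise SamlError().time_sync_error()`, and consider also comparing the frame's module via `tb.tb_frame.f_globals.get('__name__')` so that an unrelated `_verify` does not match. `as exc` is never used and can become `except AssertionError:`. The enclosing method starts outside the hunk.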