Hi Oliver and Colm, I have just searched old emails that I corresponded with OpenSAML developers and here is what I have about clock skew between STS and Service Provider. I was asking about NotOnOrAftr timestamp in the SAML token.
<< Allow a configurable amount of clock skew of 3-5 minutes or so and then apply that to the value you're comparing to in the conservative direction. >> -- View this message in context: http://cxf.547215.n5.nabble.com/maximumClockSkew-and-freshness-in-fediz-config-xml-tp5716032p5716300.html Sent from the cxf-user mailing list archive at Nabble.com.
