We have NAM and I have configured SAML 2.0 setup on NAM IDP
server for one of our SP.

SP initiated url.

I am trying to access the resource url, SP redirects it to IDP (NAM) >
user gets login page > once entering credentials > NAM sends successful
SAML Response however the SAML Response is rejected by SP with the
"Time condition: for security reasons NotOnOrAfter
(2014-01-16T18:45:25Z) cannot be more than 74 minutes ahead of the
current time (2014-01-16T14:45:25.711Z"

When I decoded the SAML response I see

NotOnOrAfter="2014-01-15T11:36:08Z"><saml:AudienceRestriction><saml:Audience>https://xxx.xxxxx.com</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AuthnStatement

So the NotOnOrAfter value for saml:SubjectConfirmationData is set 4
hours ahead of current time and due to this reason the Identity server
on SP side is rejecting this SAML post.
Other SPs using SAML 2.0 in the same environment are not having issues
except this one SP.
I see this setting is being used globally. Is that something I can
modify for one particular config? Where?

VishalNovl's Profile: https://forums.netiq.com/member.php?userid=6693
View this thread: https://forums.netiq.com/showthread.php?t=49808
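
Added example (not part of the original post, and not NAM or SP code): a small checker that reproduces the kind of "NotOnOrAfter too far ahead" test the SP's error message describes, so a decoded assertion can be inspected before it is sent. The 74-minute limit and the "current time" come from the error text above; the sample assertion, the audience URL and the function names are constructed for illustration, and checking every element that carries NotOnOrAfter is an assumption about which value the SP evaluates.

```python
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET  # for untrusted XML, prefer a hardened parser

MAX_AHEAD = timedelta(minutes=74)  # limit quoted in the SP's error message

# Constructed sample assertion (not the poster's real response).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData NotOnOrAfter="2014-01-16T18:45:25Z"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions NotBefore="2014-01-16T14:40:25Z" NotOnOrAfter="2014-01-16T14:50:25Z">
    <saml:AudienceRestriction><saml:Audience>https://sp.example.com</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""

def parse_ts(value):
    """Parse a SAML UTC timestamp, with or without fractional seconds."""
    fmt = "%Y-%m-%dT%H:%M:%S.%fZ" if "." in value else "%Y-%m-%dT%H:%M:%SZ"
    return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)

def check_not_on_or_after(xml_text, now, max_ahead=MAX_AHEAD):
    """Return (element, NotOnOrAfter, verdict) for each element with the attribute."""
    results = []
    for elem in ET.fromstring(xml_text).iter():
        raw = elem.get("NotOnOrAfter")
        if raw is None:
            continue
        expiry = parse_ts(raw)
        if expiry <= now:
            verdict = "expired"          # assertion no longer valid
        elif expiry - now > max_ahead:
            verdict = "too far ahead"    # lifetime exceeds what the SP accepts
        else:
            verdict = "ok"
        # Strip the "{namespace}" prefix ElementTree puts on tag names.
        results.append((elem.tag.split("}")[1], raw, verdict))
    return results

if __name__ == "__main__":
    now = parse_ts("2014-01-16T14:45:25.711Z")  # "current time" from the error text
    for name, raw, verdict in check_not_on_or_after(SAMPLE, now):
        print(f"{name:28} {raw}  {verdict}")
```

Running it against the decoded response from each SP configuration shows which element carries the long lifetime, which helps tell an IDP-side validity setting apart from clock skew between the two servers.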