SAML Assertion not yet Valid

Formerly SecureONE

Symptom

When attempting to log in to Netwrix Privilege Secure Discovery UI using Active Directory Federation Service (ADFS) as the identity provider, you receive the following error:

SAML assertion not yet valid

Resolution

In ADFS add the NotBeforeSkew value to the relying party on the ADFS server. The number after NotBeforeSkew represent the number of minutes to skew the NotBeforeValue, so a setting of 3 would result in a NotBefore of -3 minutes.

This is the PowerShell command to set NotBeforeSkew:

Set-ADFSRelyingPartyTrust -TargetIdentifier "" -NotBeforeSkew 3"

Symptom​

Resolution​

Symptom

Resolution