One of the partners for which they are PingFederate integrated already were getting below error while performing Single Sign-On. We are IDP and partner is SP and PingFederate is used at both ends using Artifact profile.
If you observe closely it is complaining about Time Condition. Thumb rule is that IDP and SP ends should be in time sync including Time Zone. This is because the assertion generated at IDP end is valid only for the time interval that is defined in SP specific settings at IDP PingFederate. The setting is shown in below screenshot.
If the SP PingFederate server is having time difference more than these time intervals defined then it will result in SAML assertion validation failure.
I am engulfed in Oracle Identity & Access Management domain. I have expertise on providing the optimized solutions for user provisioning, web access management, Single Sign-On and federation capabilities etc., I am also well versed with complex integrations within Identity Management and other product domains. I have expertise on building demos and implementation experience on products Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Entitlement Server, Oracle Virtual Directory, Oracle Internet Directory etc., Look @ my blog: http://talkidentity.blogspot.com
Find Us On