Hi All

One of our partners, already integrated through PingFederate, was getting the error below while performing Single Sign-On. We are the IDP and the partner is the SP, and PingFederate is used at both ends with the Artifact profile.

If you look closely, it is complaining about the time condition. The rule of thumb is that the IDP and SP ends should be in time sync, including time zone. This is because the assertion generated at the IDP end is valid only for the time interval defined in the SP-specific settings at the IDP PingFederate. The setting is shown in the screenshot below.

 

If the clock on the SP PingFederate server differs by more than these defined time intervals, SAML assertion validation will fail.
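
The time-condition check described above, as an added example (not PingFederate's code and not part of the original post). The `Conditions` fragment, its timestamps, the 5-minute window and the function names are constructed for illustration; `NotBefore` and `NotOnOrAfter` are the SAML 2.0 attributes that carry the validity interval.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed sample: Conditions from an assertion issued at 10:00:00Z with an
# assumed validity window of 5 minutes before and 5 minutes after issuance.
SAMPLE_CONDITIONS = (
    f'<saml:Conditions xmlns:saml="{SAML_NS}" '
    'NotBefore="2024-01-15T09:55:00Z" NotOnOrAfter="2024-01-15T10:05:00Z"/>'
)

def parse_ts(value):
    # SAML timestamps are UTC xs:dateTime values, optionally with fractions.
    fmt = "%Y-%m-%dT%H:%M:%S.%fZ" if "." in value else "%Y-%m-%dT%H:%M:%SZ"
    return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)

def check_time_condition(conditions_xml, sp_now, allowed_skew=timedelta(0)):
    """Return (ok, reason) for a timezone-aware SP clock reading sp_now.

    Illustration only: a real SP verifies the assertion signature first and
    parses untrusted XML with a hardened parser.
    """
    cond = ET.fromstring(conditions_xml)
    if cond.tag != f"{{{SAML_NS}}}Conditions":
        return False, "not a saml:Conditions element"
    not_before = cond.get("NotBefore")
    not_on_or_after = cond.get("NotOnOrAfter")
    if not_before is not None:
        nb = parse_ts(not_before)
        if sp_now + allowed_skew < nb:  # SP clock is running behind the IDP
            return False, f"SP clock is {nb - sp_now} before NotBefore"
    if not_on_or_after is not None:
        noa = parse_ts(not_on_or_after)
        if sp_now - allowed_skew >= noa:  # SP clock is running ahead
            return False, f"SP clock is {sp_now - noa} past NotOnOrAfter"
    return True, "within validity window"

if __name__ == "__main__":
    issued = datetime(2024, 1, 15, 10, 0, tzinfo=timezone.utc)
    for drift in (timedelta(0), timedelta(minutes=12), timedelta(minutes=-10)):
        print(drift, check_time_condition(SAMPLE_CONDITIONS, issued + drift))
```

A correctly configured time zone does not change the result because the comparison is made on absolute instants; a server whose local wall-clock time is mistakenly treated as UTC shows up here as hours of drift.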