ID4223: The SamlSecurityToken is rejected because the SamlAssertion.NotOnOrAfter Condition is not satisfied

Sathish Nadarajan
SharePoint MVP
Published On :   07 Apr 2014
Visit Count
Today :  1    Total :   17679

Today I was facing a strange issue when I opened my Development Site. Hence thought of sharing to the community.

The scenario here is, we are using 2 Servers for our development purpose. One is Windows Server 2012 on which the SharePoint 2013 has been installed. The other one is Windows Server 2008 R2, that we are using for the ADFS authentication.

Somehow, the time on the Windows Server 2008 R2 has been modified. (Not sure how it happened and that’s not our problem also). I tried login to the SharePoint Dev Site and I was getting the strange exception as mentioned on the title of this article. The exact exception and the trace are as follows.


I was little bit worried about this. But the solution was so simple.

1. Go to the Services.msc on the ADFS Server on which the time was not correct.

2. Find the “Windows Time” Service.

3. Restart the Service.

4. Do an IISRESET on both the servers.

5. Refresh the Dev Site.

6. SURPRISE… It worked like charm.

(If required, open the command prompt and type w32tm /resync. But I didn’t do this.)

And one thing I noticed is, as soon as I restarted the service, the time on the ADFS Server corrected automatically.

Happy Coding.

Sathish Nadarajan.