ID4223: The SamlSecurityToken is rejected because the SamlAssertion.NotOnOrAfter Condition is not satisfied

Sathish Nadarajan
Solution Architect
April 7, 2014
Rate this article
[Total: 0    Average: 0/5]

Today I was facing a strange issue when I opened my Development Site. Hence thought of sharing to the community.

The scenario here is, we are using 2 Servers for our development purpose. One is Windows Server 2012 on which the SharePoint 2013 has been installed. The other one is Windows Server 2008 R2, that we are using for the ADFS authentication.

Somehow, the time on the Windows Server 2008 R2 has been modified. (Not sure how it happened and that’s not our problem also). I tried login to the SharePoint Dev Site and I was getting the strange exception as mentioned on the title of this article. The exact exception and the trace are as follows.


I was little bit worried about this. But the solution was so simple.

1. Go to the Services.msc on the ADFS Server on which the time was not correct.

2. Find the “Windows Time” Service.

3. Restart the Service.

4. Do an IISRESET on both the servers.

5. Refresh the Dev Site.

6. SURPRISE… It worked like charm.

(If required, open the command prompt and type w32tm /resync. But I didn’t do this.)

And one thing I noticed is, as soon as I restarted the service, the time on the ADFS Server corrected automatically.

Happy Coding.

Sathish Nadarajan.

Category : SharePoint

Author Info

Sathish Nadarajan
Solution Architect
Rate this article
[Total: 0    Average: 0/5]
Sathish is a Microsoft MVP for SharePoint (Office Servers and Services) having 13+ years of experience in Microsoft Technologies. He holds a Masters Degree in Computer Aided Design and Business more

Leave a comment