You can configure the assertion validity time for WS Federation Provider (SP) to accommodate clock skew between a service provider and a SAML identity provider.
To set the assertion validity for WSFed configuration, perform the following steps:
On the Home page, click Identity Servers > [cluster name] > Configuration > Properties.
Click the Plus icon and configure the following property:
Property Type: WSFED ASSERTION VALIDITY
Property Value: Specify the assertion validity time in second
Restart Tomcat by using the following command:
/etc/init.d/novell-idp restart