SAML AuthInstant is after server time

Peter Schober peter.schober at
Thu Nov 20 03:09:28 EST 2014

* Peter Schober <peter.schober at> [2014-11-20 09:07]:
> I just wonder why the IDP issues such assertions, with NotBefore full
> 5 minutes later than the AuthnInstant. (Started a fresh browser
> session, no session at IDP or SP.)

The Assertion/@IssueInstant matches the Conditions/@NotBefore exactly.
So where does the AuthnInstant value come from?

More information about the users mailing list