@LYassine, thanks for reaching out, and apologies for the delay in response.
Tracking the details from the backend for your tenant, based on the correlation ID and the timeframe of the error you provided, I see an exception related to the date and time of the issued token, as you can see below: the issued token was valid for just 2 minutes, from issinst:2022-03-09T16:57:34Z to naf:2022-03-09T16:59:34Z, which I feel is a very short duration, so I am wondering whether there is any specific reason why your IDP sent a token with a shorter duration? Ideally, SAML token validity is 1 hour in the Azure AD scenario.
ValidateSamlToken failed. Assertion: {"iss":"https://localhost:6500","issinst":"2022-03-09T16:57:34Z","naf":"2022-03-09T16:59:34Z","aud":["urn:federation:MicrosoftOnline"]}
Additionally, I would request that you ensure the identity provider is sending proper values in the following fields of the token: IssueInstant, NotBefore, NotOnOrAfter, and saml:Audience as urn:federation:MicrosoftOnline, and make sure the identity provider is using the right key algorithm for signing the token, such as RSA. Here's sample-token.xml for reference, which you can use to compare against the non-working token. For detailed information about compatibility, see the Azure AD federation compatibility list and the Azure AD identity provider compatibility docs when using a custom IDP for SSO.
Hope this helps.
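To make the field check in the answer above concrete, here is an added offline checker (example code written for this page, not Microsoft's or the asker's own code, and not a substitute for Azure AD's actual ValidateSamlToken logic). It parses an assertion, pulls out IssueInstant, NotBefore, NotOnOrAfter, the saml:Audience values and the ds:SignatureMethod algorithm, and reports the conditions the answer lists: validity window too short, token not yet valid or expired at the evaluation time, wrong audience, and a non-RSA signing algorithm. The sample assertion is constructed (a SAML 1.1 skeleton with the timestamps from the failing assertion above, no real signature), and the 5-minute "suspiciously short" threshold and the 1-hour typical validity are assumptions taken from the answer, not values Azure AD publishes.

```python
"""Offline sanity check of the SAML assertion fields discussed in the answer above.

Added example, not code from the original thread. It does not verify the signature;
it only inspects the fields an IDP operator can fix on their side.
"""
from datetime import datetime, timedelta
import xml.etree.ElementTree as ET

EXPECTED_AUDIENCE = "urn:federation:MicrosoftOnline"
# Assumption: the answer quotes 1 hour as the usual validity; treat < 5 min as suspicious.
TYPICAL_VALIDITY = timedelta(hours=1)
MIN_VALIDITY = timedelta(minutes=5)
# Standard XML-DSig algorithm URIs for RSA-based signatures (rsa-sha1, rsa-sha256, ...).
RSA_ALG_PREFIXES = (
    "http://www.w3.org/2000/09/xmldsig#rsa-",
    "http://www.w3.org/2001/04/xmldsig-more#rsa-",
)

# Constructed sample (not a real token): SAML 1.1 skeleton with the timestamps from the
# failing assertion in the thread. The signature element is a placeholder with no digest.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
    MajorVersion="1" MinorVersion="1" AssertionID="_constructed-example"
    Issuer="https://localhost:6500" IssueInstant="2022-03-09T16:57:34Z">
  <saml:Conditions NotBefore="2022-03-09T16:57:34Z" NotOnOrAfter="2022-03-09T16:59:34Z">
    <saml:AudienceRestrictionCondition>
      <saml:Audience>urn:federation:MicrosoftOnline</saml:Audience>
    </saml:AudienceRestrictionCondition>
  </saml:Conditions>
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
      <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
    </ds:SignedInfo>
  </ds:Signature>
</saml:Assertion>"""


def _local_name(tag):
    """Strip the {namespace} prefix so SAML 1.1 and 2.0 elements are matched alike."""
    return tag.rsplit("}", 1)[-1]


def parse_time(value):
    """Parse a SAML UTC timestamp such as 2022-03-09T16:57:34Z into an aware datetime."""
    if value is None:
        return None
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def extract_fields(xml_text):
    """Return the assertion fields Azure AD federation checks, or None where absent."""
    root = ET.fromstring(xml_text)
    fields = {
        "issue_instant": parse_time(root.get("IssueInstant")),
        "not_before": None,
        "not_on_or_after": None,
        "audiences": [],
        "sig_alg": None,
    }
    for el in root.iter():
        name = _local_name(el.tag)
        if name == "Conditions":
            fields["not_before"] = parse_time(el.get("NotBefore"))
            fields["not_on_or_after"] = parse_time(el.get("NotOnOrAfter"))
        elif name == "Audience":  # SAML 1.1 AudienceRestrictionCondition or 2.0 AudienceRestriction
            fields["audiences"].append((el.text or "").strip())
        elif name == "SignatureMethod":
            fields["sig_alg"] = el.get("Algorithm")
    return fields


def check_assertion(fields, now):
    """Return a list of human-readable problems; an empty list means all checks passed."""
    if isinstance(now, str):
        now = parse_time(now)
    problems = []
    issued, nb, noa = fields["issue_instant"], fields["not_before"], fields["not_on_or_after"]
    if issued is None or nb is None or noa is None:
        problems.append("missing IssueInstant, NotBefore or NotOnOrAfter")
    else:
        validity = noa - nb
        if now < nb:
            problems.append(f"not yet valid: NotBefore {nb.isoformat()} is after {now.isoformat()}")
        if now >= noa:
            problems.append(f"expired: NotOnOrAfter {noa.isoformat()} is not after {now.isoformat()}")
        if validity < MIN_VALIDITY:
            problems.append(
                f"validity window {int(validity.total_seconds())}s is shorter than "
                f"{int(MIN_VALIDITY.total_seconds())}s; typical is "
                f"{int(TYPICAL_VALIDITY.total_seconds())}s"
            )
    if EXPECTED_AUDIENCE not in fields["audiences"]:
        problems.append(f"audience {fields['audiences']} does not include {EXPECTED_AUDIENCE}")
    alg = fields["sig_alg"] or ""
    if not alg.startswith(RSA_ALG_PREFIXES):
        problems.append(f"signature algorithm {alg!r} is not an RSA algorithm")
    return problems


if __name__ == "__main__":
    info = extract_fields(SAMPLE_ASSERTION)
    # Evaluate at a time inside the window: only the short-validity finding should appear.
    for problem in check_assertion(info, "2022-03-09T16:58:00Z"):
        print("PROBLEM:", problem)
```

Run it against your own exported token by replacing SAMPLE_ASSERTION with the assertion from the failing sign-in and passing the timestamp from the Azure AD error as `now`; if the only finding is the short validity window, the fix is on the IDP's token lifetime setting rather than on audience or signing configuration.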