Some days ago I got the security token project back to the surface (from the deepest part of my repository) to use in in another current project. Unfortunately I got an error message as I started the project for the first time. I didn't know where it came from, so I went through the code step-by-step. Fascinated I recognized that it didn't appear again. I reloaded the page several times, but everything seemed to work fine. Because of this I thought it would have been a cache problem and forgot it.

Some hours later I had deleted my cookies and tried to issue myself a new token - but there the error was again - and again it disappeared during the step-by-step debugging.

Because I couldn't find a specific reason for this I spread several breakpoints all over the code and just hopped from one to the next to narrow the place of the exception. As I finally found the place in the code, I got the following error message:

"The SamlToken is not time valid. The current time "5/14/2008 11:29:21 AM" is outside the Effective "5/14/2008 11:29:59 AM" and Expiration "14.06.2008 11:29:59" time of the token.

image

What happened? First I guessed that there could be a bug in the calculation of the date, until I recognized: The token was valid some seconds AFTER the issuing. But why? Could that be a build in method?

After some research in the internet I found someone who had the same problem. He already had answered the question for himself: "I think I should correct the time of the server" ... right ... there was a time difference of 30 seconds between my PC and the dev-server I used - that has been the reason why the token was not YET valid as I it was issued to me - and this was the reason why I couldn't find it as I went through the code step-by-step, because I needed a longer time to step through than the differnce between both machines.