Delayed SSO message and server time-stamp settings
We are setting up a new app with CWT via a SAML 2.0 connection. One of the settings that they ask their customers to set is:
Time-to-Live - To compensate for the inevitable server system clock skew, despite the use of NTP, and to compensate for the inevitable network latency in delivering an SSO message across the Internet, a time window of +/- 3 minutes or more will avoid situations where the SSO message arrives with an invalid timestamp (either too early or too late).
Has anyone set something like this before? If so, how did you do it?