Some operations require time synchronization between guest servers and PingFederate. This task describes how to resolve time
synchronization errors for various server platforms.
The following PingFederate error message is caused by either network latency or a time synchronization error:
ERROR [com.pingidentity.adapters.opentoken.BaseAuthnAdapter] Error decoding token
com.pingidentity.opentoken.TokenException: Invalid token; token is not yet valid (not-before > now)
For a network latency issue, see the Knowledge Base article What should be the value of Not-Before-Tolerance in the OpenToken adapter configuration?
Component
PingFederate 9.x
Click the tab for your server platform to see the instructions for configuring time synchronization.
Configuring time synchronization with VMware virtual servers
Synchronizing with PingFederate servers instead of the default internet time service can solve synchronization errors in Windows Virtual Machine servers.
Configuring time synchronization with standalone Windows servers
Standalone Windows servers synchronize time with the W32Time service.
Configuring time synchronization with Linux/Unix servers
Synchronize the time on most Linux/Unix servers using a simple
ntpdate
or rdate
script.