The following PingFederate error message is caused by either network latency or a time synchronization error:

ERROR [com.pingidentity.adapters.opentoken.BaseAuthnAdapter] Error decoding token 
com.pingidentity.opentoken.TokenException: Invalid token; token is not yet valid (not-before > now)

For a network latency issue, see the Knowledge Base article What should be the value of Not-Before-Tolerance in the OpenToken adapter configuration?

Component

PingFederate 9.x

Click the tab for your server platform to see the instructions for configuring time synchronization.