I have a problem with my SAML custom policy in Azure B2C. One of my connected apps did not let me log in with my SAML response. I asked that app's support and they told me the error message is something like "The request exceeds the allowable time to live".
So I had a look at my SAMLResponse, and the conditions are:
<saml:Conditions NotBefore="2020-03-20T21:59:43.5226812Z"
                 NotOnOrAfter="2020-03-20T22:04:43.5226812Z">
I requested the resource at 22:59, but the response comes back with NotOnOrAfter="2020-03-20T22:04:43", which is in the past. So: my app is running in my timezone, and maybe it is refusing it because of this.
I tried to change the value of "NotOnOrAfter" to +1 hour, but that's not as easy as I hoped. In this documentation for the normal Azure AD, it's documented how to change the AccessTokenLifetime. So I followed this documentation to change it to one hour in my TrustFrameworkBase.xml. That works great for my JWT test app with the custom B2C_1A_signup_signin policy, but it has no effect on the NotOnOrAfter of my SAML policy, even when I add the documented lines to my SAML RP Technical Profile.
Any ideas?
I also tried to add policies with PowerShell for that app, but that had no effect either. The token is valid for just 5 minutes. I found a setting inside the SP to disable the date condition check for SAML, so that's okay for me.
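The timestamps in the question end in "Z", so they are UTC instants and must be compared against a timezone-aware clock, not a naive local time. The following is an added example (not code from the poster, Azure B2C, or the SP in question) that parses the quoted <saml:Conditions> element and validates the NotBefore/NotOnOrAfter window the way an SP normally does, with a small clock-skew allowance (the 3-minute value is an assumption chosen for illustration) rather than disabling the date check entirely.

```python
import re
from datetime import datetime, timedelta, timezone
from xml.etree import ElementTree as ET

# Constructed sample: the Conditions element quoted in the question, with the
# SAML assertion namespace declared so it parses stand-alone.
CONDITIONS_XML = (
    '<saml:Conditions xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
    'NotBefore="2020-03-20T21:59:43.5226812Z" '
    'NotOnOrAfter="2020-03-20T22:04:43.5226812Z"/>'
)

# xs:dateTime as SAML emits it: optional fraction of any length, "Z" or +hh:mm offset.
_TS = re.compile(r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})(?:\.(\d+))?(Z|[+-]\d{2}:\d{2})$")

def parse_saml_instant(text):
    """Parse a SAML timestamp into a timezone-aware datetime normalised to UTC."""
    m = _TS.match(text.strip())
    if not m:
        raise ValueError(f"unparseable SAML timestamp: {text!r}")
    base, frac, off = m.groups()
    dt = datetime.strptime(base, "%Y-%m-%dT%H:%M:%S")
    # Azure emits 7 fractional digits; Python keeps microseconds, so truncate to 6.
    dt = dt.replace(microsecond=int((frac or "0")[:6].ljust(6, "0")))
    if off == "Z":
        tz = timezone.utc
    else:
        sign = 1 if off[0] == "+" else -1
        tz = timezone(sign * timedelta(hours=int(off[1:3]), minutes=int(off[4:6])))
    return dt.replace(tzinfo=tz).astimezone(timezone.utc)

def check_conditions(conditions_xml, now, skew=timedelta(minutes=3)):
    """Return (ok, reason) for the assertion's validity window at time `now`.

    `now` must be timezone-aware: a naive local clock compared against UTC
    instants is exactly the mistake that makes a fresh assertion look expired.
    """
    if now.tzinfo is None:
        raise ValueError("'now' must be timezone-aware")
    el = ET.fromstring(conditions_xml)
    not_before = parse_saml_instant(el.get("NotBefore"))
    not_on_or_after = parse_saml_instant(el.get("NotOnOrAfter"))
    now = now.astimezone(timezone.utc)
    if now + skew < not_before:
        return False, f"not yet valid: NotBefore={not_before.isoformat()}"
    if now - skew >= not_on_or_after:
        return False, f"expired: NotOnOrAfter={not_on_or_after.isoformat()}"
    return True, "within validity window"
```

A request made at 22:59 local time in a UTC+1 zone is 21:59 UTC and passes; the same wall-clock value read as UTC is 55 minutes past NotOnOrAfter and is correctly rejected.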