Tags: azure-active-directory, response, saml, azure-app-registration

Incorrect date and time is showing in SAML response


I need advisory support on my issue with a registered application on AAD. When we registered the app with AAD for SSO using SAML it was working fine initially, but now it throws an error whenever we try to log in to that app using AAD user credentials. The login works in Edge and Chrome private mode, but it does not work in normal mode. When we check the SAML trace, we see an incorrect date and time in the SAML response from AAD: it shows the year 2020, which is when the app was configured on AAD. I don't have access to the app as it belongs to our client, whom we support. So I need advice on why an incorrect date and time is showing in the SAML response (in normal mode) while in private mode the login works without any issues.

Tried clearing cache and cookies and resyncing Edge profiles, but the error still recurs.


Solution

  • Ran into this recently. AuthnInstant is the original login date for the session, and Azure does not change it even as you refresh your session over time. In private mode, Azure updates the date.

    It is fairly easy to work around. In Azure Enterprise Applications, access the application and then create a new Conditional Access policy.

    Ensure that only the one app is specified and set the session sign-in frequency to a low enough value. For our app we finally had to set it to 1 hour. Four hours was too long, but I did not try 2 hours.

    This forces a new Azure login after one hour when you try to access the application again. AuthnInstant is updated to the new time and everything works. You may need to play with the time frame to get a value that works.
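The answer above turns on the difference between an assertion that is still within its validity window and an authentication that is too old for the application's liking. The following is an added example, not code from the question, the answer, or Microsoft: it parses a constructed SAML 2.0 Response with a current `Conditions` window but a 2020 `AuthnInstant`, and shows how a service-provider-side check that enforces a maximum authentication age (here 1 hour, matching the sign-in frequency the answer settled on) would accept the assertion yet flag the authentication as stale. It assumes the client application applies a check of this kind; the question does not say what the app actually validates. The namespaces and element names are standard SAML 2.0; the sample response, tenant identifier and timestamps are constructed.

```python
"""Freshness check for a SAML assertion's AuthnInstant (added example)."""
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET  # prefer defusedxml.ElementTree on untrusted input

NS = {
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
}

# Constructed sample response: the assertion itself is current (Conditions are
# valid), but AuthnInstant still carries the original 2020 sign-in, as in the question.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0"
    IssueInstant="2023-09-12T10:15:00Z">
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2023-09-12T10:15:00Z">
    <saml:Issuer>https://sts.windows.net/constructed-tenant-id/</saml:Issuer>
    <saml:Conditions NotBefore="2023-09-12T10:10:00Z" NotOnOrAfter="2023-09-12T11:15:00Z"/>
    <saml:AuthnStatement AuthnInstant="2020-03-04T08:00:00Z" SessionIndex="_s1">
      <saml:AuthnContext>
        <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef>
      </saml:AuthnContext>
    </saml:AuthnStatement>
  </saml:Assertion>
</samlp:Response>"""

# Constructed "current time" so the example is deterministic when run offline.
SAMPLE_NOW = datetime(2023, 9, 12, 10, 20, tzinfo=timezone.utc)


def parse_saml_time(value: str) -> datetime:
    """SAML timestamps are xs:dateTime in UTC with a trailing 'Z'; normalise for fromisoformat."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def check_assertion_freshness(xml_text: str, now: datetime,
                              max_authn_age: timedelta = timedelta(hours=1)) -> dict:
    """Evaluate the time-related fields of a SAML 2.0 Response.

    Returns a dict with:
      conditions_valid - NotBefore <= now < NotOnOrAfter (the assertion itself is usable)
      authn_instant    - when the IdP says the user actually authenticated
      authn_age        - now - authn_instant
      authn_fresh      - authn_age <= max_authn_age
    An assertion can be conditions_valid and still not authn_fresh; that is the
    stale-AuthnInstant situation described in the answer.
    """
    root = ET.fromstring(xml_text)
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        raise ValueError("no Assertion element in response")

    cond = assertion.find("saml:Conditions", NS)
    if cond is None or not cond.get("NotBefore") or not cond.get("NotOnOrAfter"):
        raise ValueError("Assertion lacks a usable Conditions element")
    not_before = parse_saml_time(cond.get("NotBefore"))
    not_on_or_after = parse_saml_time(cond.get("NotOnOrAfter"))
    conditions_valid = not_before <= now < not_on_or_after

    stmt = assertion.find("saml:AuthnStatement", NS)
    if stmt is None or not stmt.get("AuthnInstant"):
        raise ValueError("Assertion lacks an AuthnStatement with AuthnInstant")
    authn_instant = parse_saml_time(stmt.get("AuthnInstant"))
    authn_age = now - authn_instant

    return {
        "conditions_valid": conditions_valid,
        "authn_instant": authn_instant,
        "authn_age": authn_age,
        "authn_fresh": authn_age <= max_authn_age,
    }


if __name__ == "__main__":
    result = check_assertion_freshness(SAMPLE_RESPONSE, SAMPLE_NOW)
    for key, value in result.items():
        print(f"{key}: {value}")
```

Run as a script, the sample reports `conditions_valid: True` but `authn_fresh: False`, which is exactly the trace the question describes: the response is freshly issued, yet the authentication it attests to happened years ago. Lowering the Conditional Access sign-in frequency to `max_authn_age` or less, as the answer suggests, is what keeps `authn_age` inside the window.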