Jude

Reputation: 543

PingFederate OpenToken Sample Application

I'm trying out the sample applications provided together with the PingFederate .NET Integration Kit. I was able to make it work for the Single Server set-up (my machine served as both the IdP and the SP).

But when I tried setting up two machines like it was specified in this link: https://documentation.pingidentity.com/display/NETIK/Deploying+the+Sample+Applications

A more realistic scenario is to deploy the applications on a separate IIS server machine

I was able to edit the Adapter Instance and the Default URL, but there's this problem of clock skew between servers:

Verify that your server clocks are synchronized. If they are not synchronized, you can account for this by adjusting the Not Before Tolerance value in the OpenToken adapter configuration, which is the amount of time (in seconds) to allow for clock skew between servers. The default and recommended value is 0.

I checked the possible values and the max is 3600 seconds.

Question: What if my server has more than an hour of time difference? Is that set-up still possible? (Servers are actually in different time zones.)

Upvotes: 3

Views: 1093

Answers (1)

Andrew K.

Reputation: 3341

The OpenToken uses GMT, so timezones are taken out of the picture - as long as your server is set to the proper time, and actual proper timezone for where it is, it should work just fine. For example, you can have serverA in New York City, and serverB in Los Angeles. If serverA is set to Eastern Time, and serverB is set to Pacific Time, then the OpenToken will work - since it converts times to GMT, the times on the token will be the "same".

Hope that makes sense - I need another cup of coffee this morning. :)

Upvotes: 2
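
The New York / Los Angeles case from the answer, worked through as an added example (not part of the original posts and not PingFederate code). It assumes a simplified model of the not-before check and uses hypothetical function names, fixed UTC offsets, and a constructed January date; it shows that correctly configured servers agree on the UTC instant, while a wrong zone setting produces a skew larger than the 3600-second maximum tolerance.

```python
from datetime import datetime, timedelta, timezone

# Fixed offsets for a constructed January date (standard time, no DST).
EASTERN = timezone(timedelta(hours=-5))
PACIFIC = timezone(timedelta(hours=-8))
MAX_TOLERANCE_S = 3600  # maximum Not Before Tolerance mentioned in the question


def to_utc(wall_clock: datetime, configured_zone: timezone) -> datetime:
    """What a server believes the UTC time is, given its wall clock and zone setting."""
    return wall_clock.replace(tzinfo=configured_zone).astimezone(timezone.utc)


def skew_seconds(not_before_utc: datetime, sp_now_utc: datetime) -> float:
    """How far the SP's clock is behind the token's not-before instant (<= 0 is fine)."""
    return (not_before_utc - sp_now_utc).total_seconds()


def accept_not_before(not_before_utc: datetime, sp_now_utc: datetime,
                      tolerance_s: int = 0) -> bool:
    """Assumed model of the check: accept when the skew is within the tolerance."""
    if not 0 <= tolerance_s <= MAX_TOLERANCE_S:
        raise ValueError("tolerance must be between 0 and 3600 seconds")
    return skew_seconds(not_before_utc, sp_now_utc) <= tolerance_s


# Constructed scenario: IdP in New York issues a token at 12:00:00 local time.
NOT_BEFORE = to_utc(datetime(2024, 1, 15, 12, 0, 0), EASTERN)  # 17:00:00Z

# SP in Los Angeles, correct clock and zone: 09:00:01 Pacific is 17:00:01Z.
SP_CORRECT = to_utc(datetime(2024, 1, 15, 9, 0, 1), PACIFIC)

# Same wall clock, but the zone is wrongly set to Eastern: the SP thinks it is 14:00:01Z.
SP_WRONG_ZONE = to_utc(datetime(2024, 1, 15, 9, 0, 1), EASTERN)

if __name__ == "__main__":
    for label, now in (("correct zone", SP_CORRECT), ("wrong zone", SP_WRONG_ZONE)):
        print(label, now.isoformat(),
              "skew:", skew_seconds(NOT_BEFORE, now),
              "accept@0:", accept_not_before(NOT_BEFORE, now, 0),
              "accept@3600:", accept_not_before(NOT_BEFORE, now, MAX_TOLERANCE_S))
```

The three-hour difference between the zones only becomes a skew when a server's zone setting does not match its wall clock; in that case the fix is the zone or clock setting, since no allowed tolerance value covers it.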