Modified the SP configuration so that the IDP referenced URLs match that of the IDP server.
In our specific example, the incoming Authentication Request had a Destination header of Destination="https://IDP126novell.com/nidp/saml2/sso"The IDP servers local metadata URLs were the same as the above URL, but the case sensitivity was different.
As you may know, the Active Directory Federation Service (ADFS) uses SAML tokens to represent claims.
These claims about a user are made by the Federation Service Account (FS-A) server.
When the client gets redirected back to the Treyresearch federation server, the Not Before time will be compared to its local time.