AADSTS50008 SAML Token Is Invalid ADFS Error

When a federated user tried logging into Office 365 portal, the generic "We have received a bad request" error came up in the browser. The detailed information towards the bottom of the browser had a proper error.

More...

A correlation id and timestamp of the error was displayed and the last line of the detailed information had the error below.

AADSTS5008 SAML token is invalid.​

There were no ADFS errors to go by. A specific detail that got my attention was the timestamp displayed in the error. The time shown was not matching with what the user was seeing on his desktop.

After looking more into it, we nailed the problem. The issue was that the time throughout the AD domain was off by 7 minutes than the standard time. The PDC Emulator was not synching the time with a trusted external time source, but was using the CMOS clock. Go figure!

Since all machines across had the same time (even though different from the actual time), every other operation was working fine. The issue went away as soon as the AD time was brought in line with the actual time.​

Share
+1
Share2
Must Read Articles

Mutex Acquisition Failed – Azure AD Connect Error

Change Bad Items Limit Of Failed Move Request On The Fly

Free Busy Not Working From Office 365 To On-Premise

Auto-Mapping Mailboxes After Office 365 Migration

Disable Clutter For Office 365 Mailboxes

Migration Batch Or Move Request For Office 365 Migration?

    Rajith Jose Enchiparambil
     

    UC Architect, Blogger, Husband & Dad. I have been in IT for the last 17 years, with interests in Exchange, Office 365 & Azure. I am active on Experts Exchange & TechNet forums and I am a technical author for SearchExchange. Follow me on Twitter, LinkedIn, Facebook or Google+ for the latest updates. For consultancy opportunities, drop me a line.

    Click Here to Leave a Comment Below 0 comments