With the implementation of
OPENAM-5640, Hosted SPs now validate NotOnOrAfter and NotBefore assertion conditions, but time skew is not applied.
Skew can be applied on the IDP for the NotBefore, but if the end user does not have access to the IDP and the IDP and SP system clocks are not in sync, assertion validation will fail if the IDP issues an assertion NotBefore condition with a system time that is advance from actual current time.
Hosted SPs have "Assertion Time Skew" but this only applies to Assertion SubjectConfirmation, but not Assertion Conditions.
Option 1: Have the SubjectConfirmation Time Skew apply to the NotOnOrAfter and NotBefore Assertion Conditions.
Option 2: Create a second Time Skew value for Assertion Conditions.
Either way, we should change the console dialog from "Is in seconds. This is the skew time for NotBefore attributes in assertion" to note that it does or does not apply to Assertion Conditions along with SubjectConfirmation.
This is related to OPENAM-5639