10.9. Time Sync SAML, like many authentication protocols (e.g. Kerberos), relies on timestamps to validate messages. If you see one of these errors in the httpd logs:
[auth_mellon:error] [pid xxx] [client xxx] NotBefore in Condition was in the future.
[auth_mellon:error] [pid xxx] [client xxx] NotOnOrAfter in Condition was in the past.
date
2023年 1月 27日 金曜日 23:54:09 JST
localectl status
System Locale: LANG=ja_JP.UTF8
VC Keymap: n/a
X11 Layout: us
X11 Model: pc105
timedatectl
Local time: 金 2023-01-27 14:55:48 UTC
Universal time: 金 2023-01-27 14:55:48 UTC
RTC time: 金 2023-01-27 14:55:47
Time zone: Etc/UTC (UTC, +0000)
System clock synchronized: yes
NTP service: active
RTC in local TZ: no
timedatectl set-timezone Asia/Tokyo
timedatectl status
Local time: 金 2023-01-27 23:55:34 JST
Universal time: 金 2023-01-27 14:55:34 UTC
RTC time: 金 2023-01-27 14:55:33
Time zone: Asia/Tokyo (JST, +0900) System clock synchronized: yes
NTP service: active
RTC in local TZ: no
reboot ← 再起動しておく方が確実