Hi,

We have few doubts on Clock Tolerance  in Vmware SSO as below

1.From our application we are calling SSO "Issue token" API and we are getting a bearer token; without any lifetime parameter input.

2.we try to validate the token using "validate" API in a guest vm

3.the clock tolerance of the setup is 10 minutes

Observation:

the token is valid when guest vm is faster than VCSA within 10 mins range

VCSA-3 p.m. IST and Guest Vm is 3.08 pm IST

the token is invalid when guest vm is slower than VCSA within 10 mins range

VCSA-3.08 p.m. IST and Guest Vm is 3.00 pm IST

How does clock tolerance works in this scenario?