ClockSkew SAML in IDP

I need to set the SkewClock into my IdentityProvider SAML which does the bridge with an ADFS server.

I know it is possible to set the SkewCloak when I have a client application using SAML, but in this case the client itself is the keycloak.

Currently I’m using KC 4.8.3 and I can upgrade to a new version if necessary.
Any ideas?

Hello carloshager,

I looked into the code and it looks like at the moment we don’t support this, the code is here: I think this won’t be hard to add similarly as for OIDC identity providers as one of configuration option. Feel free to create a feature request in our issue tracker. Contribution is welcome.


Hello @mhajas,

I wonder if you solved this issue?
I am facing the exact same problem with a Keycloak instance running in a container.


Hello @SamyOteroGlez. When you create SAML identity provider there is an Allowed clock skew option.

Hi Samy, yes, it has been fixed on the Keycloak 9 version.
It is already possible to set the values in the interface.