<saml2:Conditions NotBefore="2011-10-04T21:39:17.731Z" NotOnOrAfter="2011-10-04T21:39:47.731Z">

During a token’s lifetime, the vCenter Single Sign-On server considers any request containing that token to be valid and the server will perform renewal and validation operations on the token. The lifetime of a token is affected by a clock tolerance value that the vCenter Single Sign-On server applies to token requests. The clock tolerance value accounts for differences between time values generated by different systems in the vSphere environment. The clock tolerance is 10 minutes.