I am trying to receive a JWT token from the OAuth2 endpoint of AD FS in my single-page application. I successfully received the code from the OAuth2 endpoint. After an AJAX POST request I received access_token and refresh_token. But when I look at the access_token I have only these claims:
{
  "aud": "https://localhost/",
  "iss": "http://fs.development.org/adfs/services/trust",
  "iat": 1438015081,
  "exp": 1438018681,
  "email": "Test.User@development.org",
  "role": "Domain Users",
  "unique_name": "Test.User",
  "primarysid": "S-x-x-xx-xxxxxxxxx-xxxxxxxxx-xxxxxxxxxx-xxxx",
  "upn": "test.user@development.org",
  "auth_time": "2015-07-27T16:40:01.636Z",
  "authmethod": "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport",
  "ver": "1.0",
  "appid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
}
As you can see, I didn't receive the nbf claim from AD FS. I cannot find it in the configuration of my relying party trust. I tried to set the property NotBeforeSkew to two minutes and TokenLifetime to 60 minutes on my relying party in the hope that AD FS would start sending the nbf claim. But I was wrong; nothing helps in any way.
So my question is this: is it possible, from my application or from the AD FS server, to force the nbf claim to be sent?
Maybe it is just a matter of configuration, but I wasn't able to deduce from the documentation how this claim can be configured.
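
An added example, not part of the original post: RFC 7519 marks nbf as OPTIONAL, so a consumer of the token above can validate its lifetime from exp and iat and enforce nbf only when it is present. The function names, the constructed sample token and the 120-second skew (mirroring the two minutes mentioned in the post) are assumptions; signature verification is not shown and must succeed before any claim is trusted. Uses atob/btoa and TextDecoder (browsers, Node.js 16+).

```javascript
// Added example: time-claim checks that treat "nbf" as optional (RFC 7519, 4.1.5).
// Signature verification is NOT done here; do it before trusting any claim.

// Decode the payload segment of a compact JWS (header.payload.signature).
function decodePayload(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWS');
  // base64url -> base64, then restore the stripped padding
  let b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  b64 += '='.repeat((4 - (b64.length % 4)) % 4);
  const bytes = Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
  return JSON.parse(new TextDecoder().decode(bytes));
}

const isNumericDate = (v) => typeof v === 'number' && Number.isFinite(v);

// nowSec and skewSec are in seconds, like the NumericDate claims themselves.
function checkTimeClaims(claims, nowSec, skewSec = 120) {
  if (!isNumericDate(claims.exp)) return { ok: false, reason: 'exp missing' };
  if (nowSec >= claims.exp + skewSec) return { ok: false, reason: 'expired' };
  // nbf is optional: absence means "no not-before constraint", not an error.
  if (claims.nbf !== undefined) {
    if (!isNumericDate(claims.nbf)) return { ok: false, reason: 'nbf malformed' };
    if (nowSec + skewSec < claims.nbf) return { ok: false, reason: 'not yet valid' };
  }
  // Without nbf, iat still lets us reject tokens stamped in the future.
  if (isNumericDate(claims.iat) && claims.iat > nowSec + skewSec) {
    return { ok: false, reason: 'issued in the future' };
  }
  return { ok: true, reason: claims.nbf === undefined ? 'valid, no nbf' : 'valid' };
}

// Constructed sample: the iat/exp values from the post, a placeholder signature.
function makeSampleToken(claims) {
  const enc = (obj) => btoa(JSON.stringify(obj))
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return [enc({ typ: 'JWT', alg: 'RS256' }), enc(claims), 'constructed-signature'].join('.');
}

const SAMPLE_TOKEN = makeSampleToken({
  aud: 'https://localhost/',
  iss: 'http://fs.development.org/adfs/services/trust',
  iat: 1438015081,
  exp: 1438018681,
});
```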