Use the ValidFrom and ValidTo properties to determine the time period in which a Saml2SecurityToken token is valid. The ValidFrom and ValidTo properties represent the first and last instants in time in which the security token is valid, respectively.
By default, a 5-minute clock skew is allowed between the sender and receiver of the security token. So, if the NotOnOrAfter property is set to 1:00 PM, then the ValidFrom property is set to 1:05 PM.
When the ValidTo property is set to MaxValue, then the SAML assertion associated with this Saml2SecurityToken security token does not have any conditions set.