Symptoms

The following error occurs when trying to access K2 Appit generated sites:

ID____: The Saml2SecurityToken is rejected because the SAML2:Assertion's NotOnOrAfter condition is not satisfied. NotOnOrAfter: '1/14/2015 6:31:33 PM' Current time: '1/14/2015 6:43:28 PM'

where the value for Current Time will be after the NotOnOrAfter date and time.
 

Diagnoses

This error behavior generally presents itself after staying logged in or authenticated to your SharePoint/O365 environment for a long period of time. Generally this is seen when working within SharePoint from a laptop, as users tend to leave browser windows open between sleeping the operating system (e.g., generally closing the laptop at the end of the work day).

After a set time, authentication tokens will expire between Appit and SharePoint, surfacing the error in question.
 

Resolution

Usually the quickest way to solve this problem is to close out the browser windows that are logged into your SharePoint/O365 environment. Sometimes it will be necessary to close the browser entirely.

If after a browser restart the error still persists, clear all cache to ensure the authentication token is deleted, close the browser then reopen and re-authenticate into SharePoint.