My friend Assaf Israel showed me a bug in the new ADFS version in Windows Server 2012 Preview.
When calling the ADFS endpoint /oauth/authorize to get an authorization token, the server calls the method BeginAdd in the class Microsoft.IdentityServer.Server.ArtifactResolutionService.ArtifactService
to create an artifact holding the authorization token and store it in the database.
The server sets the expiration date to UTC time + 5 min:
if (DateTime.Compare(artifact.Expire, DateTime.MinValue) == 0)
    artifact.Expire = DateTime.UtcNow.AddSeconds((double)this.artifactService.LifetimeInSeconds);
When calling /oauth/authorize to get an OAuth Access Token, the server loads the record (with the authorization token) from the database and checks whether it is still valid. The problem is that the code compares the artifact's expiration against the server's local time (DateTime.Now) and not against UTC time.
The code in the method FetchArtifactFromLocalDatabase in the class Microsoft.IdentityServer.Web.Protocols.OAuth.OAuthToken.OauthTokenProtocolHandler:
if (artifact == null || DateTime.Compare(artifact.Expire, DateTime.Now) < 0)
In time zones such as Israel (GMT+2) this check will always fail, because the local clock is already two hours past an expiration that is only five minutes ahead in UTC.
In time zones such as the US West Coast (GMT-8) this check will succeed.
So anywhere east of England you must run the server on UTC time to get an access token from ADFS!!!
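The following C# program is an added example, not ADFS code, that models the two snippets above: an artifact is stamped with UTC now + 5 minutes exactly as BeginAdd does, and then validated either the buggy way (against local time, as FetchArtifactFromLocalDatabase does) or the fixed way (UTC against UTC). The Artifact class, the method names IsValidBuggy and IsValidFixed, and the way DateTime.Now is simulated as UTC plus a fixed offset are all assumptions made so the result can be shown for several time zones on one machine.

```csharp
using System;

// Added example (not ADFS code). Models the artifact expiry check from the post.
class Artifact
{
    public DateTime Expire;   // stored as UTC, Kind == DateTimeKind.Utc
}

static class ArtifactChecks
{
    const int LifetimeInSeconds = 300;   // the 5-minute lifetime described in the post

    // Mirrors BeginAdd: expiry = UTC now + lifetime.
    public static Artifact Create(DateTime utcNow) =>
        new Artifact { Expire = utcNow.AddSeconds(LifetimeInSeconds) };

    // Buggy check: compares a UTC instant with the server's local wall-clock time.
    // 'localNow' stands in for DateTime.Now (simulated here as UTC + zone offset).
    // DateTime.Compare only looks at ticks and ignores Kind, so nothing warns about it.
    public static bool IsValidBuggy(Artifact a, DateTime localNow) =>
        a != null && DateTime.Compare(a.Expire, localNow) >= 0;

    // Fixed check: compare UTC with UTC, and refuse an Expire value that was not
    // stored as UTC so the same mismatch cannot come back through another code path.
    public static bool IsValidFixed(Artifact a, DateTime utcNow)
    {
        if (a == null) return false;
        if (a.Expire.Kind != DateTimeKind.Utc)
            throw new InvalidOperationException("artifact.Expire must be stored as UTC");
        return DateTime.Compare(a.Expire, utcNow) >= 0;
    }

    static void Main()
    {
        // Constructed UTC instant at which the artifact is created.
        var utcNow = new DateTime(2012, 9, 1, 12, 0, 0, DateTimeKind.Utc);
        var artifact = Create(utcNow);

        // Simulated DateTime.Now on servers in different zones: UTC + offset.
        var zones = new[] {
            ("Israel (UTC+2)",        TimeSpan.FromHours(2)),
            ("England (UTC+0)",       TimeSpan.Zero),
            ("US West Coast (UTC-8)", TimeSpan.FromHours(-8)),
        };

        foreach (var (name, offset) in zones)
        {
            var localNow = DateTime.SpecifyKind(utcNow + offset, DateTimeKind.Local);
            Console.WriteLine($"{name,-22} buggy: {IsValidBuggy(artifact, localNow),-5} fixed: {IsValidFixed(artifact, utcNow)}");
        }

        // The other half of the bug: on a UTC-8 server the buggy check still passes
        // eight hours after creation, long past the intended five-minute lifetime.
        var eightHoursLater = utcNow.AddHours(8);
        var pacificLater = DateTime.SpecifyKind(eightHoursLater + TimeSpan.FromHours(-8), DateTimeKind.Local);
        Console.WriteLine($"US West Coast, 8h later  buggy: {IsValidBuggy(artifact, pacificLater),-5} fixed: {IsValidFixed(artifact, eightHoursLater)}");
    }
}
```

Run with the buggy check, the Israel row fails immediately while England and the US West Coast pass, matching the post; with the fixed check every zone passes for the full five minutes. The last line shows the consequence west of UTC that the post does not spell out: the artifact is accepted for the zone offset plus five minutes instead of five minutes, so the defect is both an availability bug in the east and an over-long token lifetime in the west. The Kind check in IsValidFixed is the cheap guard to add wherever a stored UTC timestamp is compared.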
I reported this bug in Microsoft Connect.
Hope they will fix it.