OK...so I've bit the bullet and I'm good there...I've started working on my policy
I see timesource is returning an epoch date...which I get.
I created a timesource + 300 which is 1453213996 - or Jan 19, 2016
I picked 300 days because I wanted to test a particular user. I'll bring that 300 days down to something more reasonable.
That's what the clauase in my enforcement ruls look like
(Authorization:[Time Source]:Now Plus 300 days GREATER_THAN %{Certificate:Not-Valid-After}). I'm also matching the username to grab this one client.
For this auth
Certificate:Not-Valid-After 2015-07-16 21:25:28
I'm not hitting...clearly Jan 2016 is greater than July 2015. But I'm comparing an Epoch date with a Calendar date. Do I need to do anything different?