IDP initiated SAML login error - Authentication statement is too old to be used with value

Tags: spring


Your IDP is re-using information that the user has authenticated earlier (at the time identified by the Authentication Instant), and Spring SAML is by default configured to not let the user log in if she's been authenticated more than 7200 seconds ago.

It's a security measure - if it's been a long time since the computer authenticated the user, it's hard to guarantee that it's still the same person operating the computer. Spring SAML provides you with some means to configure what level of security will be acceptable - for example by making this configurable.

You can increase this value by setting the property maxAuthenticationAge on the WebSSOProfileConsumerImpl bean.

The audience error should happen only when the assertion contains Audience elements and none of them matches the entity ID of your application. I don't think the Response in your question is the one triggering this error?
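To make the two checks from the answer above concrete (the authentication-age window controlled by maxAuthenticationAge, and the audience match that only applies when Audience elements are present), here is an added example that is not Spring SAML's own code or part of the original answer. It parses a constructed sample assertion (not a capture from any IdP), applies a configurable maximum authentication age with the same 7200-second default, and reports why an assertion would be rejected. The response_skew parameter is this example's own clock-skew allowance, an assumption rather than a documented Spring SAML property; signature verification and the other SAML conditions are out of scope here.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion for this example (not from a real IdP): the
# AuthnStatement says the user authenticated at 08:00Z and the assertion is
# restricted to a single SP entity ID. Signature elements are omitted.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed-example" Version="2.0" IssueInstant="2015-01-01T10:00:00Z">
  <saml:Issuer>https://idp.example.org/</saml:Issuer>
  <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
  <saml:Conditions>
    <saml:AudienceRestriction>
      <saml:Audience>https://sp.example.com/saml/metadata</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AuthnStatement AuthnInstant="2015-01-01T08:00:00Z" SessionIndex="s1"/>
</saml:Assertion>"""


def parse_instant(value):
    """Parse an xsd:dateTime as SAML writes it (UTC 'Z', optional fraction) into an aware datetime."""
    text = value.rstrip("Z")
    for fmt in ("%Y-%m-%dT%H:%M:%S", "%Y-%m-%dT%H:%M:%S.%f"):
        try:
            return datetime.strptime(text, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError("unparseable SAML instant: %r" % value)


def verify_assertion(xml_text, sp_entity_id, now, max_authentication_age=7200, response_skew=60):
    """Return a list of rejection reasons; an empty list means both checks passed.

    max_authentication_age mirrors the maxAuthenticationAge property (default 7200 s).
    response_skew is this example's own tolerance for IdP/SP clock drift (an assumption).
    """
    problems = []
    root = ET.fromstring(xml_text)

    # Audience check: enforced only when the assertion actually carries Audience elements,
    # and then at least one of them must equal our own entity ID.
    audiences = [a.text.strip()
                 for a in root.findall(".//saml:AudienceRestriction/saml:Audience", SAML_NS)
                 if a.text]
    if audiences and sp_entity_id not in audiences:
        problems.append("Audience restriction %r does not include %s" % (audiences, sp_entity_id))

    # Authentication-age check: every AuthnStatement's AuthnInstant must lie inside the window
    # (now - max_age - skew, now + skew). An IdP-initiated flow that re-uses an old session
    # fails here even though the Response itself was just issued.
    statements = root.findall("saml:AuthnStatement", SAML_NS)
    if not statements:
        problems.append("Assertion carries no AuthnStatement")
    for stmt in statements:
        instant = parse_instant(stmt.get("AuthnInstant"))
        if instant >= now + timedelta(seconds=response_skew):
            problems.append("Authentication instant %s lies in the future" % instant.isoformat())
        elif instant <= now - timedelta(seconds=max_authentication_age + response_skew):
            problems.append("Authentication statement is too old to be used with value %s"
                            % instant.isoformat())
    return problems


if __name__ == "__main__":
    sp = "https://sp.example.com/saml/metadata"
    now = datetime(2015, 1, 1, 10, 30, tzinfo=timezone.utc)  # 2.5 h after the AuthnInstant
    print(verify_assertion(SAMPLE_ASSERTION, sp, now))
    print(verify_assertion(SAMPLE_ASSERTION, sp, now, max_authentication_age=86400))
```

With the defaults the sample is rejected (the user authenticated 9000 seconds earlier, past the 7200-second window); raising max_authentication_age to 86400 accepts it, which is the equivalent of setting `<property name="maxAuthenticationAge" value="86400"/>` on the WebSSOProfileConsumerImpl bean. Widening the window is a deliberate trade: the SP is then trusting an older IdP session, so pick the value against how long a workstation session is acceptable rather than simply making the error go away.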


Just an FYI on this topic: Google has confirmed that they currently do not honour the ForceAuthn flag for SAML redirects. Seeing issues with authentication timeout on the SAML token as a result. Documented here: Google Apps SSO as IdP into Spring SAML2 - Authentication token timeout