0

Web application is using ADFS for authentication.After the successfull login of the application , I kept the application idle for about 30 minutes. Now when the user tries to go to a page , the application redirects to the ADFS portal and gets authenticated. I have set the persistenSessionLifeTime for 60 days.I could see the expiration time of FedAuth Tokens correctly in the chrome developer tools. Please find the configuration below. Why is it going after every 30 minutes ? I know some the Token issued by ADFS is getting expired. Could you please help me to solve this.

    <system.identityModel>
    <identityConfiguration saveBootstrapContext="true">
      <claimsAuthenticationManager type="TruckDataWebAPI.Controllers.AuthenticationManager,TruckDataWebAPI" />
      <audienceUris>
        <add value="xxxxxxxxxxxxxxxx" />
      </audienceUris>
      <issuerNameRegistry type="System.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
        <trustedIssuers>
          <add thumbprint="xxxxxxxxxxxxxxxxx" name="xxxxxxxxxxxxxxxxxxx" />
          <add thumbprint="xxxxxxxxxxxxxxxxxx" name="xxxxxxxxxxxxxxxxxxxxx"/>
        </trustedIssuers>
      </issuerNameRegistry>
    </identityConfiguration>
  </system.identityModel>
  <system.identityModel.services>
    <federationConfiguration>
      <wsFederation  passiveRedirectEnabled="false" issuer="xxxxxxxxxxxxxxxxx" persistentCookiesOnPassiveRedirects="true" realm="xxxxxxxxxxxxxxxx" reply="xxxxxxxxxxxxxxx" requireHttps="true"  />
      <cookieHandler  mode="Default" requireSsl="true" persistentSessionLifetime="60.0:0:0" />
    </federationConfiguration>
  </system.identityModel.services>
Sid
  • 3
  • 3

1 Answers1

0

There are two tokens; the ADFS one and the RP (application) one.

You need to set both.

Also, ensure the ADFS value is smaller so that when the RP token times out, the ADFS will also so user will be asked to authenticate again.

Good overview here.

Community
  • 1
  • 1
rbrayb
  • 46,440
  • 34
  • 114
  • 174
  • Thank you very much. I figured it out, it was RP which was set 0 ,even though my FedAuth token expiry was set longer , the portal was getting logged off. I extended the hours of RP . So I am looking for a way to show off a custom logOff page which I developed during the expiration of the FedAuth Token cookie. Do you have any idea ? – Sid May 17 '17 at 23:06