0

I have implemented WSFed authentication combined with cookie-based authentication.

I want to set the cookie expiration time to the SAML token timeout.

Is there any Azure AD API (REST or configuration) I can use to access the SAML token timeout? One way is to read it from configuration, but I am looking for a more generic solution.

Thanks in advance for your help

1 Answer

0

AFAIK, there is no Azure AD API with which we can read the lifetime of a token issued by Azure AD. I am not sure which configuration you mean; normally the issuer declares the lifetime in the token itself.

For example, for the lifetime of a SAML token, we can read the saml:Conditions element like below:

<saml:Conditions
     NotBefore="2004-12-05T09:17:05"
     NotOnOrAfter="2004-12-05T09:27:05">
     <saml:AudienceRestriction>
       <saml:Audience>https://sp.example.com/SAML2</saml:Audience>
     </saml:AudienceRestriction>
</saml:Conditions>

For more about SAML, you can refer to the link below:

Single Sign-On SAML protocol

Fei Xue
  • Thanks, can we trigger / set cookie authentication after receiving the SAML token, so that I can calculate the lifetime and set it as the cookie expiration? – Sushant Kulkarni Sep 29 '17 at 06:33
  • Not sure how you write the cookie to the client. If you were using the cookie OWIN component, there is no event in which we can write the expiry time for the cookie dynamically. And based on my understanding, it is not necessary to configure the same lifetime for the cookie as for the SAML token. You just need to choose the cookie expiry time for your web application based on what the business requires. – Fei Xue Sep 29 '17 at 08:25
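
Added example, not part of the original answer or comments and not Azure AD or OWIN code: a Python function that reads NotOnOrAfter from the saml:Conditions element shown in the answer and derives a cookie expiry that never outlives the token. The name `cookie_expiry`, the 8-hour session cap and the 5-minute clock skew are assumptions; the sample adds a namespace declaration so it parses on its own, and the lookup goes beyond the answer's snippet by also accepting the SAML 1.1 namespace.

```python
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

# Conditions exists in both SAML 2.0 and SAML 1.1 assertions.
SAML_NS = ("urn:oasis:names:tc:SAML:2.0:assertion",
           "urn:oasis:names:tc:SAML:1.0:assertion")

def _parse_utc(value):
    """SAML timestamps are UTC; accept a trailing 'Z' or no zone at all."""
    dt = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)

def cookie_expiry(assertion_xml, now, max_session=timedelta(hours=8),
                  skew=timedelta(minutes=5)):
    """Return the cookie expiry (UTC): NotOnOrAfter capped by max_session.

    Raises ValueError if the window is missing, not yet open, or closed.
    Assumes the assertion's signature was already validated upstream.
    """
    root = ET.fromstring(assertion_xml)
    cond = None
    for ns in SAML_NS:
        tag = "{%s}Conditions" % ns
        cond = root if root.tag == tag else root.find(".//" + tag)
        if cond is not None:
            break
    if cond is None or "NotOnOrAfter" not in cond.attrib:
        raise ValueError("no Conditions/NotOnOrAfter in assertion")
    not_after = _parse_utc(cond.attrib["NotOnOrAfter"])
    not_before = cond.attrib.get("NotBefore")
    if not_before and now + skew < _parse_utc(not_before):
        raise ValueError("assertion not yet valid")
    if now >= not_after:
        raise ValueError("assertion expired")
    # Skew only relaxes NotBefore; the cookie never outlives the token.
    return min(not_after, now + max_session)

# Constructed sample: the Conditions element from the answer, with the
# SAML 2.0 namespace declared so it parses on its own.
SAMPLE = """<saml:Conditions xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
     NotBefore="2004-12-05T09:17:05" NotOnOrAfter="2004-12-05T09:27:05">
  <saml:AudienceRestriction>
    <saml:Audience>https://sp.example.com/SAML2</saml:Audience>
  </saml:AudienceRestriction>
</saml:Conditions>"""

if __name__ == "__main__":
    now = datetime(2004, 12, 5, 9, 20, 0, tzinfo=timezone.utc)
    print(cookie_expiry(SAMPLE, now))
```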