Windows Identity Foundation - relying party session security token lifetime

Question

I'm using Windows Identity Foundation (WIF) for authentication in my ASP.NET MVC 3 project. I've created simple security token service (STS) using default template available in the SDK (ASP.NET site with forms authentication).

Everything works fine, apart from the fact that my security session token lifetime (the one that is being generated on the relying party (RP), i.e. ASP.NET MVC site) seems to be set to 10 minutes despite that STS generated security token has lifetime of 1 hour.

I've tried to change token lifetime on the STS itself and lifetime of security session token generated on the RP in the SessionAuthenticationModule_SessionSecurityTokenReceived event. Same result - after 10 minutes RP redirects client to STS for authentication.

It seems that I'm missing something really obvious but I can't put my finger on it. Would really appreciate if someone could help me out.

score 1 · Accepted Answer · edited May 23 '17 at 12:20

1

The token your STS issues and the session cookie your RP application establishes are two separate things, both have their own lifetimes. After the token is consumed by your RP, its lifetime has no effect on the lifetime of the cookie that your RP creates to establish a session. But you can configure your session lifetime in your web.config like so:

How do I increase session timeout with W.I.F / SAML tokens / FedAuth cookie

edited May 23 '17 at 12:20

Community

1
1

answered Apr 03 '12 at 04:34

Andrew Lavers

8,023
1
33
50

Thanks, exactly what I've been looking for. – Foxbat Apr 12 '12 at 13:32

Windows Identity Foundation - relying party session security token lifetime

1 Answers1

Linked