How to set the timeout properly when federating with the ADFS 2.0

清歌不尽 2021-01-02 09:12

I have been using ADFS 2.0 for quite some time and I understand how things work. I've done dozens of custom RPs, custom STSes as well as using the ADFS as the relying STS.

3 answers
  • 2021-01-02 09:43

    You could also try changing ADFS from Windows integrated authentication to forms-based authentication. You will probably still have to monkey with the freshness property, but now your users will have to enter their credentials even if they are on the same network as your AD.

    This article explains it pretty simply:

    http://social.technet.microsoft.com/wiki/contents/articles/1600.aspx

  • 2021-01-02 09:44

    As per comments above (joint effort with the OP) the Freshness property on the FederatedPassiveSignIn instance should be set to 0.

    According to http://docs.oasis-open.org/wsfed/federation/v1.2/ws-federation.html this indicates for the IP/STS to re-prompt the user for authentication before it issues the token.

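    Added example, not part of the answers above: on the wire the Freshness setting becomes the WS-Federation `wfresh` request parameter, and the relying party can confirm the result by checking the age of the authentication instant in the returned token. The class name, the `example.test` URLs, the sample claim values and the 5-minute clock-skew allowance are assumptions made for illustration; only base class library calls are used.

```csharp
using System;
using System.Collections.Generic;
using System.Globalization;

public static class FreshnessGuard   // hypothetical helper, not a WIF or ADFS type
{
    // Claim type under which WIF surfaces the token's authentication instant.
    public const string AuthInstantClaim =
        "http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant";

    // WS-Federation passive sign-in request; wfresh=0 asks the IP/STS to re-prompt.
    public static string BuildSignInUrl(string stsEndpoint, string realm, int freshnessMinutes)
    {
        return stsEndpoint
            + "?wa=wsignin1.0"
            + "&wtrealm=" + Uri.EscapeDataString(realm)
            + "&wfresh=" + freshnessMinutes.ToString(CultureInfo.InvariantCulture);
    }

    // RP-side check: accept the session only if the user authenticated recently.
    public static bool IsFresh(IDictionary<string, string> claims, TimeSpan maxAge, DateTime utcNow)
    {
        string raw;
        if (!claims.TryGetValue(AuthInstantClaim, out raw)) return false;   // missing claim: fail closed
        DateTime instant;
        if (!DateTime.TryParse(raw, CultureInfo.InvariantCulture,
                DateTimeStyles.AssumeUniversal | DateTimeStyles.AdjustToUniversal, out instant))
            return false;                                                   // unparsable value: fail closed
        TimeSpan age = utcNow - instant;
        // Assumed tolerance: allow the STS clock to run up to 5 minutes ahead of the RP.
        return age >= TimeSpan.FromMinutes(-5) && age <= maxAge;
    }

    public static void Main()
    {
        Console.WriteLine(BuildSignInUrl("https://sts.example.test/adfs/ls/",
                                         "https://rp.example.test/", 0));
        // Constructed clock and claim values.
        var now = new DateTime(2021, 1, 2, 9, 45, 0, DateTimeKind.Utc);
        var claims = new Dictionary<string, string> { { AuthInstantClaim, "2021-01-02T09:44:10Z" } };
        Console.WriteLine(IsFresh(claims, TimeSpan.FromMinutes(2), now));   // authenticated 50 seconds ago
        claims[AuthInstantClaim] = "2021-01-02T01:00:00Z";
        Console.WriteLine(IsFresh(claims, TimeSpan.FromMinutes(2), now));   // authenticated hours ago
    }
}
```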
  • 2021-01-02 09:46

    It's quite strange that setting the TokenLifetime value didn't work. The article in MSDN explains timeout as a straightforward setting - by assigning TokenLifetime value. I'm interested to know whether the setting described in MSDN is correct. If that didn't help, then it's the right time to revise that article. Hope that will be a big help to those who are facing this issue.
