ADFS TokenLifeTime Maximum?

好久不见. Submitted on 2020-07-22 12:06:45

Question


I am using ADFS 2.0 for authentication for my MVC 3.0 web app. I set my TokenLifeTime on my relying party to 1440 (24 hours), but when I step through my code after I log in I can see that the ValidTo date of the session token is only 600 mins (10 hours) from now. If I change TokenLifeTime to be less than 600, the datetime matches what I expect when I log in, i.e. if I set TokenLifeTime to 5, the ValidTo date on my session token is 5 mins from when I logged in.

I haven't found any reference to a maximum number for this value, but I also haven't been able to account for why I can't increase the ValidTo time on my session token to longer than 600 mins.

So...

Is 600 the maximum value for TokenLifeTime?

Is there anything else that affects the ValidTo time on the session tokens issued by ADFS?


Answer 1:


I've been looking at this and I think I've come up with a working solution - I've not used it in anger yet so I can't be sure that it doesn't contain any issues!

Essentially it intercepts the token after it has been created but before anything has started using it. It then replaces it with a token that contains all the underlying detail of the original but with a much longer validTo date, as decided by the value of validForDays.

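// Raised by the WS-Federation module once the session token has been created.
void WSFederationAuthenticationModule_SessionSecurityTokenCreated(object sender, SessionSecurityTokenCreatedEventArgs e)
{
    var currentToken = e.SessionToken;
    var validForDays = 1; // desired session lifetime, in days

    // Copy the principal, context and endpoint from the original token,
    // but give the replacement its own validity window starting now.
    e.SessionToken = new SessionSecurityToken(
        currentToken.ClaimsPrincipal,
        currentToken.Context,
        currentToken.EndpointId,
        DateTime.UtcNow,
        DateTime.UtcNow.AddDays(validForDays));

    // Mark the replacement session token as persistent.
    e.SessionToken.IsPersistent = true;
}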

This lives in Global.asax.cs.



Source: https://stackoverflow.com/questions/19059184/adfs-tokenlifetime-maximum
