Question

I am caching a token issued by an ADFS 2.0 on the client and use it several times when calling the service.

In the production environment I want to ensure that the token a client can cache expires after a few minutes. I have read that the token from the ADFS 2.0 expires after 10 hours, but I can't find a place where I can change the expiration time of a token for a relying party.

This is how I currently request a token from the STS:

// Channel factory for the ADFS WS-Trust 1.3 endpoint (Windows authentication)
WSTrustChannelFactory trustChannelFactory = new WSTrustChannelFactory(binding, "http://adfs/adfs/services/trust/13/windows");

trustChannelFactory.TrustVersion = TrustVersion.WSTrust13;
WSTrustChannel channel = (WSTrustChannel)trustChannelFactory.CreateChannel();
RequestSecurityToken rst = new RequestSecurityToken(WSTrust13Constants.RequestTypes.Issue);

rst.RequestDisplayToken = true;
// AppliesTo identifies the relying party the token is issued for
rst.AppliesTo = new EndpointAddress("http://*****/IService");
RequestSecurityTokenResponse rstr = null;
SecurityToken token = channel.Issue(rst, out rstr);

I have tried setting the WEB SSO time to two minutes, but it does not seem to have any effect.

What is the correct place to configure the expiration time on the ADFS?


Solution

You can use the ADFS PowerShell extension module to perform this operation:

Use:

Set-AdfsRelyingPartyTrust -TargetName "Relying party name" -TokenLifeTime 5

to set expiration to 5 minutes.

Remember to load the ADFS PowerShell snap-in first, by running

Add-PSSnapin Microsoft.Adfs.PowerShell

Further documentation can be found here: http://technet.microsoft.com/en-us/library/adfs2-powershell-basics%28v=ws.10%29.aspx

http://technet.microsoft.com/en-us/library/adfs2-help-using-windows-powershell%28v=ws.10%29.aspx
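
The steps from the answer combined into one script that also reads the value back, so a failed change does not go unnoticed. This is an added example, not part of the original answer; the relying party name is a placeholder, and it assumes the script runs in an elevated session on the ADFS 2.0 server.

```powershell
# Added example: set and verify the token lifetime of one relying party trust.
# Assumptions: run elevated on the ADFS 2.0 federation server;
# 'Relying party name' is a placeholder for the trust's display name.
$rpName        = 'Relying party name'
$targetMinutes = 5

# Load the ADFS snap-in only if it is not already loaded in this session.
if (-not (Get-PSSnapin -Name Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue)) {
    Add-PSSnapin Microsoft.Adfs.PowerShell
}

# Fail early if the trust does not exist, instead of changing nothing silently.
$before = Get-AdfsRelyingPartyTrust -Name $rpName
if (-not $before) {
    throw "Relying party trust '$rpName' was not found."
}
Write-Host ("Before: {0} = {1} minute(s)" -f $before.Name, $before.TokenLifetime)

# Apply the new lifetime (value is in minutes).
Set-AdfsRelyingPartyTrust -TargetName $rpName -TokenLifetime $targetMinutes

# Read the setting back and confirm it matches what was requested.
$after = Get-AdfsRelyingPartyTrust -Name $rpName
if ($after.TokenLifetime -ne $targetMinutes) {
    throw "TokenLifetime is $($after.TokenLifetime), expected $targetMinutes."
}
Write-Host ("After:  {0} = {1} minute(s)" -f $after.Name, $after.TokenLifetime)

# Review the lifetime configured on every relying party trust,
# so trusts that still allow long-lived tokens are easy to spot.
Get-AdfsRelyingPartyTrust |
    Sort-Object TokenLifetime -Descending |
    Select-Object Name, Identifier, TokenLifetime |
    Format-Table -AutoSize
```

The new lifetime applies to tokens issued after the change; a token the client has already cached keeps the expiry it was issued with.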

Licensed under: CC-BY-SA with attribution