SharePoint Login Token Expiration for SAML Claims Users (not ADFS)

  • Question

  • Hello,

    We want to enforce a 30 minute idle timeout in our SharePoint farm. After 30 minutes of being idle, upon the next page refresh, we want the SharePoint session to expire and to force the user to return to the IDP for authentication. 

    I have read how this can be done with ADFS, but we do not use ADFS. We also do not use Forms Authentication nor Windows NTLM. We do use claims authentication and use a third party identity provider (SAML tokens).

    My understanding is that SharePoint, during a page refresh, must realize that a session or token has expired, and request re-authentication? Possibly via the security token service? Or is it that the SAML token expires, and so SharePoint sees this and asks for re-authentication? This would suggest a setting in the third party that controls the lifespan of the token?

    Looking for clarification.


    Marcel



    Friday, July 17, 2020 3:58 PM

Answers

  • SAML token expiration is configured on the IdP; ask your 3rd party provider how to do this. The SP (SharePoint, in this case) will see an expired token and redirect back to the IdP for authentication.

    Trevor Seward

    Office Apps and Services MVP



    Author, Deploying SharePoint 2019

    Author, Deploying SharePoint 2016

    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    Friday, July 17, 2020 4:13 PM
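
To confirm what lifetime the IdP is actually issuing, the validity window can be read from the `Conditions` element of a captured token and compared with the 30-minute target from the question. The following is an added example, not code from this thread; the sample assertion and the function names are constructed for illustration, and it assumes UTC timestamps in a SAML 1.1 or 2.0 assertion.

```python
# Added example: read the validity window an IdP placed in a SAML assertion.
# Inspection only: it does not verify the signature, so never use it to
# accept a token, and only feed it tokens captured from your own IdP.
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

# Assertion namespaces for SAML 1.1 and SAML 2.0.
SAML_NS = ("urn:oasis:names:tc:SAML:1.0:assertion",
           "urn:oasis:names:tc:SAML:2.0:assertion")

def parse_utc(value):
    """Parse a SAML xs:dateTime (UTC, 'Z' suffix, optional fraction)."""
    if not value.endswith("Z"):
        raise ValueError(f"expected UTC timestamp, got {value!r}")
    whole = value[:-1].split(".")[0]          # drop fractional seconds
    return datetime.strptime(whole, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def token_window(xml_text):
    """Return (NotBefore, NotOnOrAfter) from the assertion's Conditions."""
    root = ET.fromstring(xml_text)
    for ns in SAML_NS:
        cond = next(root.iter(f"{{{ns}}}Conditions"), None)
        if cond is not None:
            nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
            if nb is None or noa is None:
                raise ValueError("Conditions lacks NotBefore/NotOnOrAfter")
            return parse_utc(nb), parse_utc(noa)
    raise ValueError("no SAML Conditions element found")

def check_lifetime(xml_text, target, now):
    """Compare the issued lifetime with a target and test expiry at `now`."""
    not_before, not_on_or_after = token_window(xml_text)
    lifetime = not_on_or_after - not_before
    return {"lifetime": lifetime,
            "within_target": lifetime <= target,
            "expired": now >= not_on_or_after}

# Constructed sample (not a real token): the IdP issued a 60-minute window.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
    AssertionID="_constructed" IssueInstant="2020-07-17T15:58:00Z">
  <saml:Conditions NotBefore="2020-07-17T15:58:00Z"
                   NotOnOrAfter="2020-07-17T16:58:00.000Z"/>
</saml:Assertion>"""

if __name__ == "__main__":
    now = datetime(2020, 7, 17, 16, 30, tzinfo=timezone.utc)
    print(check_lifetime(SAMPLE, timedelta(minutes=30), now))
```

The window is measured from issuance, so it reports how long the token is valid rather than how long the user has been idle.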

All replies

  • Trevor,

    I guess SharePoint also decides when to ask for re-authentication. With the 3rd party token expiration set high, we are still returned to the authentication URLs occasionally - sometimes after a few minutes, other times it may be over an hour. Is there anything I can control in SharePoint, such as a session timeout, to control when this happens?


    Marcel

    Thursday, July 23, 2020 4:28 PM
  • Hi,

    Thanks for your response.

    All English SharePoint forums will be migrating to a new home on Microsoft Q&A. If you have any questions about SharePoint, you are welcome to post them in the new home.

    Best Regards

    Jerry

    Monday, August 3, 2020 7:28 AM