ADFS,AD组和令牌生存期配置 [英] ADFS, AD Groups, and Token Lifetime Configurations
问题描述
我正在使用ADFS Claims(而不是Windows Claims)设置的SharePoint场,正在尝试围绕Token生存期进行总结.我们看到的问题是,如果用户被添加到广告组中,他们将无法获得对SharePoint的访问权限 先前已添加AD组的站点.这是我习惯处理的一种预期行为,但是我想弄清楚的是,用户需要等待多长时间才能刷新其令牌并可以访问令牌. SharePoint网站.
I am working on a SharePoint farm that was setup with ADFS Claims instead of Windows Claims and I am trying to wrap my head around Token lifetimes. The issue we are seeing is if a user is added to an AD Group they do not receive access to the SharePoint site where the AD Group has been added previously. This is an expected behavior which I am used to dealing with, but what I am trying to figure out is how long the user needs to wait before their token will be refreshed and they will be able to access the SharePoint site.
当前,我们的SharePoint安全令牌配置的LogonTokenCacheExpirationWindow为10分钟.
Currently our SharePoint security token configuration has a LogonTokenCacheExpirationWindow of 10 Minutes.
ADFS中的SharePoint信赖方信任具有480分钟的令牌寿命.
The SharePoint Relying Party Trust in ADFS has a token lifetime of 480 minutes.
我不确定哪个设置控制令牌刷新,是10分钟还是480分钟?
I am not sure which setting controls the token refresh, is it 10 minutes or 480 minutes?
推荐答案
HI
下面的文章可以解决您的查询.
Below article can solve your queries.
这篇关于ADFS,AD组和令牌生存期配置的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!