ADFS TokenLifeTime最大值? [英] ADFS TokenLifeTime Maximum?

问题描述

我正在使用ADFS 2.0对我的mvc 3.0 Web应用程序进行身份验证.我将依赖方的TokenLifeTime设置为1440(24小时)，但是登录后逐步浏览代码时，可以看到会话令牌的ValidTo日期距离现在只有600分钟(10小时).如果我将TokenLifeTime更改为小于600，则日期时间与我登录时的预期时间相符.即，如果将TokenLifeTime设置为5，则会话令牌上的ValidTo日期距离我登录后的5分钟.

I am using ADFS 2.0 for authentication for my mvc 3.0 web app. I set my TokenLifeTime on my relying party to 1440 (24 hours), but when I step through my code after I log in I can see that the ValidTo date of the session token is only 600 mins (10 hours) from now. If I change TokenLifeTime to be less than 600 the datetime matches what I expect when I log in. i.e. if I set TokenLifeTime to 5, the ValidTo date on my session token is 5 mins from when I logged in.

我没有找到关于此值的最大值的任何参考，但是我也无法解释为什么我无法将会话令牌上的ValidTo时间增加到600分钟以上.

I haven't found any reference to a maximum number for this value, but I also haven't been able to account for why I can't increase the ValidTo time on my session token to longer than 600 mins.

所以...

TokenLifeTime的最大值是600吗?

Is 600 the maximum value for TokenLifeTime?

还有其他影响ADFS发出的会话令牌的ValidTo时间吗?

Is there anything else that affects the ValidTo time on the session tokens issued by ADFS?

推荐答案

我一直在研究这个问题，并且我想出了一个可行的解决方案-我还没有因为愤怒而使用它，所以我可以确保没有任何问题！

I've been looking at this and I think I've come up with a working solution - I've not used it in anger yet so I can't be sure that it doesn't contain any issues!

基本上，它在

Essentially it intercepts the token after it has been created but before anything has started using it. Then replaces it with a token that contains all the underlying detail of the original but with a much longer validTo date, as decided by the value of validForDays

void WSFederationAuthenticationModule_SessionSecurityTokenCreated(object sender, SessionSecurityTokenCreatedEventArgs e)
{
    var currentToken = e.SessionToken;
    var validForDays = 1;

    e.SessionToken = new SessionSecurityToken(
        currentToken.ClaimsPrincipal,
        currentToken.Context,
        currentToken.EndpointId,
        DateTime.UtcNow,
        DateTime.UtcNow.AddDays(validForDays));

    e.SessionToken.IsPersistent = true;
}

它存在于Global.asax.cs

This lives in Global.asax.cs

这篇关于ADFS TokenLifeTime最大值?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！