Set idle session timeout using token lifetime policies


Question

Hello, we followed the commands, instructions and example provided in the document and found that they work, but not as expected. For example:

  1. We set the policy for Single-Factor Session Token Max Age and Multi-Factor Session Token Max Age to 15 minutes and I was expecting it to sign me out, but it didn't; rather, it signed me out after 1 hour, which is the token lifetime of the ID token.
  2. PS C:\WINDOWS\system32> Set-AzureADPolicy -Id ae87a997-7cbe-4a09-8796-6525671207c9 -Definition @('{"TokenLifetimePolicy":{"Version":1,"AccessTokenLifetime":"00:10:00","MaxInactiveTime":"00:15:00","MaxAgeSessionSingleFactor":"00:17:00","MaxAgeSessionMultiFactor":"00:17:00"}}')
    This policy setting signed me out after 17 minutes the second time. I mean, the first time the access token got refreshed, which increased the expiry time for the ID token as well, after 10 minutes, and it kicked me out the second time irrespective of whether I am working actively or not.

Why doesn't the above setting do idle session timeout? If the user is actively using the application, the access token will get refreshed, and so should the session token if it is checking the ID token validity; and if I am inactive, the access token will not refresh and it will time out.

As the above settings are not working, can someone please suggest how to implement idle session timeout using token lifetime policies?

Thanks!

Recommended answer

Recreate the policy and set the definition of the token lifetime policy. See https://docs.microsoft.com/zh-cn/azure/active-directory/active-directory-configurable-token-lifetimes
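
One way to carry out the recreate step from the answer, as an added example that is not part of the original thread. It assumes the AzureADPreview module and an existing Connect-AzureAD session; the display name is a placeholder, and applying the policy as the organization default is an assumption (the question does not say how the policy is scoped).

```powershell
# Added example. Durations and the policy id are the ones quoted in the question.
$settings = [ordered]@{
    Version                   = 1
    AccessTokenLifetime       = '00:10:00'
    MaxInactiveTime           = '00:15:00'
    MaxAgeSessionSingleFactor = '00:17:00'
    MaxAgeSessionMultiFactor  = '00:17:00'
}

# Fail early on a malformed duration instead of storing it in the directory.
foreach ($name in @($settings.Keys | Where-Object { $_ -ne 'Version' })) {
    $parsed = [TimeSpan]::Zero
    if (-not [TimeSpan]::TryParse($settings[$name], [ref]$parsed)) {
        throw "$name is not a valid time span: $($settings[$name])"
    }
}

# Build the JSON from the hashtable so the quoting cannot be mistyped by hand.
$definition = @{ TokenLifetimePolicy = $settings } | ConvertTo-Json -Compress

# Remove the existing policy, then create it again with the new definition.
$oldId = 'ae87a997-7cbe-4a09-8796-6525671207c9'   # policy id from the question
Remove-AzureADPolicy -Id $oldId

$policy = New-AzureADPolicy -Definition @($definition) `
    -DisplayName 'ExampleTokenLifetimePolicy' `
    -IsOrganizationDefault $true `
    -Type 'TokenLifetimePolicy'

# Read the stored definition back to confirm what the directory actually holds.
(Get-AzureADPolicy -Id $policy.Id).Definition
```

Tokens issued before the change keep the lifetimes they were issued with, so test the new policy with a fresh sign-in.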

