Below I have compiled information on ADFS timeouts from several sources.
There are two main timeouts in the ADFS configuration:
- WebSSOLifetime - server timeout parameter - default = 480 minutes
- TokenLifetime - configured for each relying party - default = 10 hours
WebSSOLifetime:
, RPs (Relying Party). , RP, ADFS. ADFS , , , ( ADFS) RP (, RP). - WebSSOLifetime , ADFS RP . , RP RP, , , , WebSSOLifetime ADFS.
TokenLifetime:
RP, RP. RP, ADFS. , RP, . ADFS RP. , ADFS , .
, TokenLifetime, , . , - , 10 , . TokenLifetime script, :
• PowerShell
"Add-PSSnapin Microsoft.Adfs.Powershell"
• :
Get-ADFSRelyingPartyTrust -Name "<relying party name in ADFS>"
• TokenLifeTime ADFS , :
Set-ADFSRelyingPartyTrust -TargetName "<relying party name in ADFS>" -TokenLifetime "<lifetime in minutes>"
RP .
, , , WebSSOL , TokenLifetime.
, RP - . , RP , 10 ( TokenLifetime 10), WebSSOL RP 50 . ADFS. - . , WebSSO , RP .
:
, " " (OASIS - wfresh). ( freshness = "0" ), federatedAuthentication web.config, IDP WCT.
OASIS - wfresh:
" OPTIONAL . , , . IP/STS . " 0 ", IP/STS ."
, :
ADFS ISA TMG, - ADFS, , .
MSISSignOut , ADFS ( ), Relying Party, ADFS , , . , Single Sign Out Single Logout. ISA/TMG SAML, /.
Reverse Proxy , :
• -, ADFS
• , .
Reverse Proxys ADFS, , - ADFS .
ADFS. . - .
, ADFS , - ADFS. TMG - ADFS, .
, .