Configuring Owin WS-Federation token expiration

Question

Configuring Owin WS-Federation token expiration

Can someone explain how to implement expiration acceleration using the new Owin WS-Federation plugin ?

Client-side in WS-Fedeartion configuration I see that there are several events , for example:

  Notifications = new WsFederationAuthenticationNotifications
            {
                SecurityTokenReceived = ...,
                AuthenticationFailed = ...,
                RedirectToIdentityProvider = ...,
                MessageReceived = ...,
                SecurityTokenValidated = ....
            },

But since the lack of documentation , I can’t understand where exactly?

At the moment, my STS is issuing tokens with an absolute expiration :

 protected override Lifetime GetTokenLifetime(Lifetime requestLifetime)
 {
        // 5 Minutes for token lifetime
        var lifetime = new Lifetime(DateTime.UtcNow, DateTime.UtcNow.AddMinutes(5));
        return lifetime;
 }

Any help is appreciated.

+4

owin katana ws-federation sts-securitytokenservice

Cristian E. Feb 20 '15 at 10:45

source share

1 answer

Pinpoint · Accepted Answer · 2015-02-20T14:59:06+0000

TL; DR: WsFederationAuthenticationOptions.UseTokenLifetime false, .

OWIN/Katana cookie ( , CookieAuthenticationOptions.SlidingExpiration false: https://katanaproject.codeplex.com/SourceControl/latest#src/Microsoft.Owin.Security.Cookies/CookieAuthenticationOptions.cs).

app.UseWsFederationAuthentication ( app.UseOpenIdConnectAuthentication), ClaimsIdentity . " " SignInAsAuthenticationType app.SetDefaultSignInAsAuthenticationType.

, SignInAsAuthenticationType cookie: , WS-Federation, cookie, cookie , . , , . WsFederationAuthenticationOptions.UseTokenLifetime false, , , , cookie .

WS-Fed (.. , ), , , . API , , .

Configuring Owin WS-Federation token expiration

More articles: