jorge_sr
Member
4 Points
34 Posts
Force authentication when token lifetime expires
Jan 29, 2013 01:13 PM
Hi! I would like to know the steps to force the user to authenticate when the token lifetime expires. Actually I have the web.config just with basic authentication, as explained here. But it still follows the same behaviour as before the change, with basic being the last authentication type, that is, it redirects to ADFS and automatically logs in to the customer portal.
On the other hand, can it be modified by updating any of the properties of the relying party trust through PowerShell?
Thanks!
BrockAllen
All-Star
27434 Points
4891 Posts
MVP
Re: Force authentication when token lifetime expires
Jan 29, 2013 01:41 PM
Explain a bit more about your app -- browser based app, webapi, what? Sounds like you're using WIF in the app (since you mention adfs)? A bit more context, please.
DevelopMentor | http://www.develop.com
thinktecture | http://www.thinktecture.com/
jorge_sr
Re: Force authentication when token lifetime expires
Jan 29, 2013 02:12 PM
Hi! Sorry about that! It's an ASP.NET app (based on the Adx Portal) using ADFS to authenticate, connected to a CRM solution. This app works in all browsers and has to have the same authentication behaviour in all of them.
I just want to change the authentication mode for the customer portal, and not for CRM, and now I realized I don't have to modify the web.config in ADFS because this will change the behaviour of all tokens.
If you need more characteristics please tell me. Thanks
BrockAllen
Re: Force authentication when token lifetime expires
Jan 30, 2013 01:33 AM
I guess I'm still unclear on what the setup really is. How are you accepting tokens in your web application? I assume you're using WIF? So if your token expires, then WIF will simply redirect the user back to the STS. Are you not experiencing this?
DevelopMentor | http://www.develop.com
thinktecture | http://www.thinktecture.com/
jorge_sr
Re: Force authentication when token lifetime expires
Jan 30, 2013 08:36 AM
Sorry that I couldn't explain better, but I'm lost with everything around ADFS authentication. We are using Identity claim, we have an AD server too where I create the users. What occurs now is that when the token lifetime expires, the user is redirected to ADFS and automatically logged in to the web app. Thanks for your interest
BrockAllen
Re: Force authentication when token lifetime expires
Jan 30, 2013 04:48 PM
So once the token expires the user is redirected to the STS/IdP -- this is good. Is it not what you want?
DevelopMentor | http://www.develop.com
thinktecture | http://www.thinktecture.com/
jorge_sr
Re: Force authentication when token lifetime expires
Jan 31, 2013 09:31 AM
Yes, the user is redirected to the STS, but what I want is to avoid the automatic login. I mean, once the lifetime has expired, the user should enter his credentials (name and password) again, thus avoiding possible problems when the user leaves his session open on a public computer.
BrockAllen
Re: Force authentication when token lifetime expires
Jan 31, 2013 01:03 PM
In your RP's .config you can set a freshness value to indicate how long the user's credentials should be valid for the STS.
<wsFederation requireHttps="true"
              passiveRedirectEnabled="true"
              realm="http://localhost/rp"
              issuer="https://localhost/sts/issue/wsfed"
              freshness="10"
/>
DevelopMentor | http://www.develop.com
thinktecture | http://www.thinktecture.com/
jorge_sr
Re: Force authentication when token lifetime expires
Feb 08, 2013 09:00 AM
Sorry for the big delay in answering and thanks for your replies! I have added the freshness property set to "1" in my web.config and the logon still happens automatically after that time. The TokenLifeTime of the relying party trust is set to "1" also.
BrockAllen
Re: Force authentication when token lifetime expires
Feb 11, 2013 01:50 AM
Not sure then -- perhaps the STS isn't honoring it.
DevelopMentor | http://www.develop.com
thinktecture | http://www.thinktecture.com/
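
The freshness setting discussed in this thread only asks the STS to re-prompt; the relying party can also check for itself how old the login is by reading the authentication instant claim from the issued token. The following C# console program is an added example, not code from the thread or from WIF: the names AuthFreshness and IsFresh, the one-minute skew and the sample timestamps are assumptions, and it assumes the STS emits the standard authentication instant claim.

```csharp
using System;
using System.Globalization;
using System.Security.Claims;

// Added example: relying-party check of how old the user's login at the STS is.
static class AuthFreshness
{
    // Tolerated clock difference between STS and RP (assumed value).
    static readonly TimeSpan Skew = TimeSpan.FromMinutes(1);

    // True only if the token shows that credentials were entered within maxAge.
    public static bool IsFresh(ClaimsPrincipal user, TimeSpan maxAge, DateTime utcNow)
    {
        Claim c = user.FindFirst(ClaimTypes.AuthenticationInstant);
        if (c == null) return false;               // no login time in the token: fail closed

        DateTime instant;
        if (!DateTime.TryParse(c.Value, CultureInfo.InvariantCulture,
                DateTimeStyles.AssumeUniversal | DateTimeStyles.AdjustToUniversal,
                out instant))
            return false;                          // unparsable value: fail closed

        if (instant > utcNow + Skew) return false; // login time lies in the future
        return utcNow - instant <= maxAge;         // a silently re-issued token keeps the old instant
    }

    static void Main()
    {
        // Constructed sample values, not taken from the thread.
        DateTime now = new DateTime(2013, 2, 8, 9, 30, 0, DateTimeKind.Utc);
        TimeSpan maxAge = TimeSpan.FromMinutes(10);
        string[] samples = {
            "2013-02-08T09:25:00.000Z",   // credentials entered 5 minutes ago
            "2013-02-08T08:00:00.000Z",   // new token, but login is 90 minutes old
            null                          // claim absent
        };
        foreach (string s in samples)
        {
            var id = new ClaimsIdentity("Federation");
            if (s != null) id.AddClaim(new Claim(ClaimTypes.AuthenticationInstant, s));
            bool fresh = IsFresh(new ClaimsPrincipal(id), maxAge, now);
            Console.WriteLine("{0,-26} -> {1}", s ?? "(no claim)",
                fresh ? "accept" : "re-authenticate");
        }
    }
}
```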