Last post Feb 12, 2013 04:14 AM by jorge_sr
Jan 29, 2013 09:13 AM|jorge_sr|LINK
Hi! I would like to know the steps to force the user to authenticate when the token lifetime expires. Actually I have the web.config with just basic authentication, as explained here. But it still follows the same behaviour as before the change, basic being the last authentication type; that is, it redirects to ADFS and automatically logs in to the customer portal.
On the other hand, can it be modified by updating any of the properties of the relying party trust through PowerShell?
Jan 29, 2013 09:41 AM|BrockAllen|LINK
Explain a bit more about your app -- browser based app, webapi, what? Sounds like you're using WIF in the app (since you mention adfs)? A bit more context, please.
Jan 29, 2013 10:12 AM|jorge_sr|LINK
Hi! Sorry about that! It's an ASP.NET app (based on the Adx Portal) using ADFS to authenticate, connected to a CRM solution. This app works in all browsers and has to have the same authentication behaviour in all of them.
I just want to change the authentication mode for the customer portal, and not for CRM, and now I realized I don't have to modify the web.config in ADFS because this will change the behaviour of all tokens.
If you need more characteristics please tell me. Thanks
Jan 29, 2013 09:33 PM|BrockAllen|LINK
I guess I'm still unclear on what the setup really is. How are you accepting tokens in your web application? I assume you're using WIF? So if your token expires, then WIF will simply redirect the user back to the STS. Are you not experiencing this?
Jan 30, 2013 04:36 AM|jorge_sr|LINK
Sorry that I couldn't explain better, but I'm lost with everything around ADFS authentication. We are using Identity claim, we have an AD server too where I create the users. What occurs now is that when the token lifetime expires, the user is redirected to ADFS and automatically logged in to the web app. Thanks for your interest
Jan 30, 2013 12:48 PM|BrockAllen|LINK
So once the token expires the user is redirected to the STS/IdP -- this is good. Is it not what you want?
Jan 31, 2013 05:31 AM|jorge_sr|LINK
Yes, the user is redirected to the STS, but what I want is to avoid the automatic login; I mean, once the lifetime has expired, the user should enter his credentials (name and password) again. This avoids possible problems when the user leaves his session open on a public computer.
Jan 31, 2013 09:03 AM|BrockAllen|LINK
In your RP's .config you can set a freshness value to indicate how long the user's credentials should be valid for the STS.
Feb 08, 2013 05:00 AM|jorge_sr|LINK
Sorry for the long delay in answering and thanks for your replies! I have added the freshness property set to "1" in my web.config and the automatic logon still happens after that time. The TokenLifeTime of the relying party trust is set to "1" also.
Feb 10, 2013 09:50 PM|BrockAllen|LINK
Not sure then -- perhaps the STS isn't honoring it.
Feb 12, 2013 04:14 AM|jorge_sr|LINK
I'll check the information in the STS and if I solve something I'll let you know! Thank you!
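
A relying-party-side way to test whether the STS honoured the freshness value discussed in this thread, as an added example that is not part of any post: it compares the token's authentication-instant claim with the allowed age. It assumes .NET 4.5 `System.Security.Claims` and that the issued token carries that claim; `FreshnessCheck`, `IsFresh`, the skew value and the sample timestamps are hypothetical.

```csharp
using System;
using System.Globalization;
using System.Security.Claims;

public static class FreshnessCheck
{
    // Hypothetical helper. maxAge mirrors the freshness value sent to the STS;
    // skew tolerates clock drift between the STS and the relying party.
    public static bool IsFresh(ClaimsPrincipal user, TimeSpan maxAge, TimeSpan skew, DateTime utcNow)
    {
        // Assumption: the token surfaces the time of the last credential entry here.
        Claim instant = user.FindFirst(ClaimTypes.AuthenticationInstant);
        if (instant == null)
            return false; // no evidence of when the user logged on: treat as stale

        DateTime authTime;
        if (!DateTime.TryParse(instant.Value, CultureInfo.InvariantCulture,
                DateTimeStyles.AdjustToUniversal | DateTimeStyles.AssumeUniversal, out authTime))
            return false; // unparseable timestamp: treat as stale

        if (authTime > utcNow + skew)
            return false; // timestamp from the future: reject
        return utcNow - authTime <= maxAge + skew;
    }

    private static ClaimsPrincipal WithInstant(string value)
    {
        var identity = new ClaimsIdentity(
            new[] { new Claim(ClaimTypes.AuthenticationInstant, value) }, "Federation");
        return new ClaimsPrincipal(identity);
    }

    public static void Main()
    {
        // Constructed sample data: "now" and two tokens received at that moment.
        DateTime now = new DateTime(2013, 2, 8, 10, 0, 0, DateTimeKind.Utc);
        TimeSpan maxAge = TimeSpan.FromMinutes(1);   // freshness="1"
        TimeSpan skew = TimeSpan.FromSeconds(30);

        // Token minted from an existing STS session: user typed credentials 30 min ago.
        ClaimsPrincipal silentSso = WithInstant("2013-02-08T09:30:00.000Z");
        // Token minted after the user re-entered credentials 20 seconds ago.
        ClaimsPrincipal reauthenticated = WithInstant("2013-02-08T09:59:40.000Z");

        Console.WriteLine("silent SSO fresh:      " + IsFresh(silentSso, maxAge, skew, now));
        Console.WriteLine("re-authenticated fresh: " + IsFresh(reauthenticated, maxAge, skew, now));
    }
}
```

Running a check like this when a new token arrives lets the application reject a sign-in that the STS issued from an old session instead of relying on the STS alone to enforce freshness.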