1 vote

Currently we are using an ASP.NET Core web application (.NET Core 2.2) and ADFS as an identity provider using the WS-Federation protocol. The token lifetime for the relying party is 60 mins. Users are automatically signed out and forced to sign in again after 60 mins to re-authenticate and continue using the application. I assume this is a typical scenario.

Is there any better approach where the user can re-authenticate or refresh the token after 60 mins without user intervention? Any pointers will be of great help.

• ASP.NET Core web application - .NET Core 2.2
• ADFS on Windows 2012 R2
• ADFS version: 6.3.9600.16384, WS-Federation protocol
• ADFS token lifetime: 60 mins
• .NET Core middleware: Microsoft.AspNetCore.Authentication.WsFederation

1 This article indicates that WS-Federation does not have the concept of refresh tokens - community.auth0.com/t/… – Saravanan Kesavarao

1 Answer

0 votes

Refresh tokens are not part of the WS-Fed spec.

You could move to OpenID Connect to do this.

Also, ADFS has two timeouts - one for ADFS in general and one for each RP.

If the ADFS timer is greater than the RP one, this will achieve what you want.

But it affects all RPs and has security implications.
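The two ADFS timeouts the answer refers to can be read and compared from the ADFS server. The script below is an added example, not code from the question or the answer: it assumes the ADFS PowerShell module is available on the server, and the relying party name "Contoso Web App" is a placeholder for the RP trust's display name.

```powershell
# Added example (not from the question or answer): compare the ADFS-wide
# SSO lifetime with one relying party's token lifetime. Run in an elevated
# PowerShell session on the ADFS server.
Import-Module ADFS

$rpName = 'Contoso Web App'   # placeholder: use the RP trust's display name

$props = Get-AdfsProperties
$rp    = Get-AdfsRelyingPartyTrust -Name $rpName

# A TokenLifetime of 0 on the RP trust means "use the ADFS default" (60 minutes).
$rpTokenMinutes = if ($rp.TokenLifetime -eq 0) { 60 } else { $rp.TokenLifetime }
$ssoMinutes     = $props.SsoLifetime

"ADFS SSO lifetime (applies to all RPs): {0} min" -f $ssoMinutes
"RP '{0}' token lifetime:                {1} min" -f $rpName, $rpTokenMinutes

if ($ssoMinutes -gt $rpTokenMinutes) {
    "The SSO session outlives the RP token: redirects back to ADFS inside the SSO window are re-issued a token without a credential prompt."
} else {
    "The RP token outlives the SSO session: users are prompted for credentials when the token expires."
}

# To widen the renewal window, prefer changing the single RP's token lifetime;
# SsoLifetime changes the sign-in session for every relying party at once.
#   Set-AdfsRelyingPartyTrust -TargetName $rpName -TokenLifetime 480
#   Set-AdfsProperties -SsoLifetime 480   # affects all RPs, as the answer notes
```

The comparison mirrors the answer's condition: the silent re-issue only happens while the ADFS sign-in session is still valid, so a long SSO lifetime trades the 60-minute re-authentication for a longer window in which a hijacked browser session stays usable across every RP on that farm.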