ADFS 2.0 Token Lifetime is not being honoured
I have configured SAML authentication using ADFS 2.0 as IDP. Please find the config details below.
Config 1: WebSSOLifetime = 60, RP's Token lifetime = 80
If I try to log in after 65 minutes, it asks me to re-authenticate.
Config 2: WebSSOLifetime = 60, RP's Token lifetime = 30
If I try to log in after 30 minutes, I am able to log in without re-authenticating.
As per my analysis, SSO is working based on WebSSOLifetime. What role is the RP's Token Lifetime playing here?
Consider the WebSSOLifetime to correspond to a refresh token, and the RP token to correspond to an access token.
When a user logs in to your application, the user presents the RP token to the application. If the RP token is expired, the user goes to ADFS to get a new RP token. ADFS will check their "WebSSOLifetime" token, and if the "WebSSOLifetime" is still valid, a new RP token will be issued; otherwise the user will have to authenticate to ADFS again and in turn get a new "WebSSOLifetime" token and RP token.
This is very similar to how Kerberos works.
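The flow described in this answer, as a small Python model replayed against the two configurations from the question (an added example, not part of the original post and not ADFS code). The class, method names and request times are hypothetical, and it assumes the application accepts the RP token until it expires and that a silent renewal does not extend the WebSSOLifetime session.

```python
from dataclasses import dataclass


@dataclass
class SsoModel:
    """Hypothetical model of the two lifetimes; all times are in minutes."""
    web_sso_lifetime: int   # ADFS WebSSOLifetime
    rp_token_lifetime: int  # relying party (RP) token lifetime
    sso_issued: int = 0     # when the user last authenticated to ADFS
    rp_issued: int = 0      # when the current RP token was issued

    def adfs_sign_in(self, now: int) -> str:
        """A sign-in request reaches ADFS, which checks its SSO session."""
        if now - self.sso_issued < self.web_sso_lifetime:
            self.rp_issued = now          # new RP token, no prompt
            return "new RP token issued silently"
        # SSO session expired: credentials are required, both tokens restart.
        self.sso_issued = self.rp_issued = now
        return "re-authenticate"

    def app_request(self, now: int) -> str:
        """The user presents the RP token to the application."""
        # Assumption: the application accepts the token until it expires.
        if now - self.rp_issued < self.rp_token_lifetime:
            return "RP token accepted"
        return self.adfs_sign_in(now)     # expired: back to ADFS


def timeline(model: SsoModel, minutes: list[int]) -> list[tuple[int, str]]:
    """Replay application requests at the given minutes after first login."""
    return [(t, model.app_request(t)) for t in minutes]


if __name__ == "__main__":
    # Constructed timelines using the two configurations from the question.
    for sso, rp in ((60, 80), (60, 30)):
        print(f"WebSSOLifetime={sso} RP token lifetime={rp}")
        for t, outcome in timeline(SsoModel(sso, rp), [10, 35, 65, 85]):
            print(f"  t={t:>3} min: {outcome}")
```

Calling `adfs_sign_in` directly models a fresh sign-in request arriving at ADFS, where only WebSSOLifetime decides whether credentials are requested.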