
I have an app that uses Owin/WsFederation to authenticate users with SAML tokens. In Startup.Auth, we set a claim with the associated encoded SAML token, and retrieve it upon login.

The problem is that the token only has a life span on 1 hour. So in the course of normal app usage, the token will expire, and services that rely upon it start breaking.

How would I go about silently renewing our SAML tokens, using Owin/WsFederation, if they have expired?

kdeez

1 Answer


I had the same problem with my project (Framework 4.5.2) where the AD FS token expired and my AJAX calls failed. The only solution that worked for me was the one mentioned by Raul Martin Ramos (you can find it here https://stackoverflow.com/a/41679450/11159799):

app.UseCookieAuthentication(new CookieAuthenticationOptions()
{
    // the auth cookie is not extended on activity
    SlidingExpiration = false
});
app.UseWsFederationAuthentication(new WsFederationAuthenticationOptions
{
    MetadataAddress = xxxxxxx,
    Wtrealm = xxxxxx,
    // the cookie's expiry is no longer copied from the token's ValidTo
    UseTokenLifetime = false,
});

I am not sure if it's the best approach for that problem, but it's working now.

I hope it helps you.

Sansigolo
  • Just as a complement to my answer, I believe we can renew the token somehow but I couldn't achieve it in time (legacy code + deadline). You may find more information [here](https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/overview/ad-fs-scenarios-for-developers) and [here](https://stackoverflow.com/questions/20637674/owin-security-how-to-implement-oauth2-refresh-tokens) – Sansigolo Aug 02 '19 at 13:15
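As an added example (not code from the question or the answer), here is a Startup.Auth that combines the two settings above with a stored expiry for the SAML token, so the app can notice a stale token and re-run the WS-Federation sign-in before a dependent service call fails. The metadata/realm URLs, the claim names, the 8-hour cookie lifetime and the two helper methods are assumptions; whether the renewal completes without a prompt depends on the IdP still holding a session for the user.

```csharp
using System;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.WsFederation;
using Owin;

public partial class Startup
{
    // Placeholder endpoints (assumed, not from the original post).
    private const string MetadataAddress = "https://adfs.example.test/FederationMetadata/2007-06/FederationMetadata.xml";
    private const string Realm = "https://app.example.test/";
    private static readonly TimeSpan TokenLifetime = TimeSpan.FromHours(1); // lifetime the question describes

    public void ConfigureAuth(IAppBuilder app)
    {
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            ExpireTimeSpan = TimeSpan.FromHours(8), // session no longer follows the token, so bound it explicitly
            SlidingExpiration = false
        });
        app.UseWsFederationAuthentication(new WsFederationAuthenticationOptions
        {
            MetadataAddress = MetadataAddress,
            Wtrealm = Realm,
            UseTokenLifetime = false, // cookie lifetime is decoupled from the 1-hour token
            Notifications = new WsFederationAuthenticationNotifications
            {
                SecurityTokenValidated = n =>
                {   // Keep the raw token and its expiry so staleness is detectable before a dependent call fails.
                    var id = n.AuthenticationTicket.Identity;
                    id.AddClaim(new Claim("saml_token", n.ProtocolMessage.GetToken()));
                    id.AddClaim(new Claim("saml_token_expires_ticks", (DateTime.UtcNow + TokenLifetime).Ticks.ToString()));
                    return Task.FromResult(0);
                }
            }
        });
    }
    // True when the stored token is within 5 minutes of, or past, its expiry.
    public static bool StoredTokenExpired(ClaimsPrincipal user)
    {
        var exp = user.FindFirst("saml_token_expires_ticks");
        return exp == null || DateTime.UtcNow.AddMinutes(5) >= new DateTime(long.Parse(exp.Value), DateTimeKind.Utc);
    }
    // Issue a WS-Federation challenge; the calling action must then return 401 so the middleware redirects to the IdP.
    public static void RenewToken(IAuthenticationManager auth, string returnUrl) =>
        auth.Challenge(new AuthenticationProperties { RedirectUri = returnUrl }, WsFederationAuthenticationDefaults.AuthenticationType);
}
```

A controller can call StoredTokenExpired before using the stored token and, if it returns true, call RenewToken and return an HttpUnauthorizedResult; the sign-in response reissues the cookie with fresh claims.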