Wednesday, July 24, 2013

How to Change the FEDAUTH Cookie to an In-Memory Session Cookie in SharePoint and Set the STS Token Lifetime

If you are implementing a claims-based SharePoint web application with forms login and you want to force a new login after a specific period of time, what you need to change is the behavior of the Security Token Service (STS).
Changing attributes of the <forms> tag inside the web application's web.config has no effect, because SharePoint manages the FEDAUTH cookie internally, based on the STS configuration.

By default, SharePoint stores this authentication cookie on disk as a persistent cookie. So when a user closes the browser after authenticating and re-opens the same web application, no credentials are required. This is due to the default value of the STS property UseSessionCookies, which is $false.

To change this, use the following PowerShell script (run it in the SharePoint Management Shell on a farm server):

# Get the farm-wide STS configuration object
$sts = Get-SPSecurityTokenServiceConfig
# Issue FEDAUTH as a session cookie (kept in browser memory, discarded on close)
$sts.UseSessionCookies = $true
# Persist the change to the configuration database
$sts.Update()
# Restart IIS so the STS picks up the new setting
iisreset


This stores the FEDAUTH cookie in memory as a session cookie, so it is discarded when the browser is closed and the user has to log in again.

To control the timespan of each session, change the STS lifetime properties in this way:

$sts = Get-SPSecurityTokenServiceConfig
$sts.UseSessionCookies = $true
# Lifetime of the FEDAUTH cookie itself
$sts.CookieLifetime = (New-TimeSpan -Minutes 5)
# Lifetime of the token issued for forms-based (and other non-Windows) logins
$sts.FormsTokenLifetime = (New-TimeSpan -Minutes 5)
# Lifetime of tokens the STS issues to service applications
$sts.ServiceTokenLifetime = (New-TimeSpan -Minutes 5)
$sts.Update()
# Restart IIS so the new lifetimes take effect
iisreset
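The script below is an added example, not code from the original post: it applies the same session-cookie and lifetime settings and then reads the STS configuration back to verify them. It also checks the LogonTokenCacheExpirationWindow property (a real STS property, default 10 minutes, not mentioned above): the STS treats a cached logon token as expired once it is within that window of its expiry, so a FormsTokenLifetime shorter than the window causes users to be prompted to log in again immediately. The 5-minute value and the variable names are assumptions for the example.

```powershell
# Added example (not from the original post). Run in the SharePoint
# Management Shell on a farm server with a farm administrator account.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$lifetimeMinutes = 5   # assumed value; pick what your session policy requires
$lifetime = New-TimeSpan -Minutes $lifetimeMinutes

$sts = Get-SPSecurityTokenServiceConfig

# LogonTokenCacheExpirationWindow must stay shorter than the token lifetime,
# otherwise a freshly issued token is already considered expired and the
# user is sent back to the login page in a loop. Shrink it if necessary.
if ($sts.LogonTokenCacheExpirationWindow -ge $lifetime) {
    $windowMinutes = [math]::Max(1, $lifetimeMinutes - 1)
    $sts.LogonTokenCacheExpirationWindow = New-TimeSpan -Minutes $windowMinutes
}

# Session cookie in browser memory, and all token lifetimes aligned
$sts.UseSessionCookies    = $true
$sts.CookieLifetime       = $lifetime
$sts.FormsTokenLifetime   = $lifetime
$sts.ServiceTokenLifetime = $lifetime
$sts.Update()

# Read the configuration back and report what is actually stored
$verify = Get-SPSecurityTokenServiceConfig
$verify | Select-Object UseSessionCookies, CookieLifetime, FormsTokenLifetime,
                        ServiceTokenLifetime, LogonTokenCacheExpirationWindow |
         Format-List

if (-not $verify.UseSessionCookies) {
    Write-Warning "UseSessionCookies is still false; FEDAUTH will remain a persistent cookie."
}
if ($verify.FormsTokenLifetime -le $verify.LogonTokenCacheExpirationWindow) {
    Write-Warning "FormsTokenLifetime must be longer than LogonTokenCacheExpirationWindow."
}

# The new values are only used after IIS restarts; do this on every web front end
iisreset
```

The STS configuration is farm-wide, so $sts.Update() only needs to run once, but iisreset must be run on every web front-end server before all users see the new cookie behavior.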
