Wednesday, September 13, 2017

ADFS : RP default token lifetime

This question keeps coming up.

The default value for TokenLifetime on an RP trust is 0. But what lifetime does 0 actually mean?

As usual, a heap of garbage via Google.

60 minutes, 300 minutes, 600 minutes, 10 hours ...

Using ADFS 4.0 and looking at a SAML RP, we get:


<Conditions NotBefore="2017-09-12T19:24:01.817Z"
            NotOnOrAfter="2017-09-12T20:24:01.817Z">


So the correct answer is 1 hour = 60 minutes.
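
The same check can be scripted against any assertion you capture. This is an added example, not code from the original post: it reads the Conditions element of an issued assertion and returns the validity window in minutes. The sample assertion (issuer, audience, ID) is constructed around the timestamps shown above, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Constructed sample: minimal SAML 2.0 assertion using the Conditions values
# from the post. Issuer, audience and ID are placeholders.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="_constructed" Version="2.0">
  <saml:Issuer>http://adfs.example.test/adfs/services/trust</saml:Issuer>
  <saml:Conditions NotBefore="2017-09-12T19:24:01.817Z"
                   NotOnOrAfter="2017-09-12T20:24:01.817Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://rp.example.test/</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>
"""


def parse_saml_time(value):
    """Parse a UTC xs:dateTime, with or without fractional seconds."""
    for fmt in ("%Y-%m-%dT%H:%M:%S.%fZ", "%Y-%m-%dT%H:%M:%SZ"):
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError(f"unsupported timestamp: {value!r}")


def token_lifetime_minutes(assertion_xml):
    """Return the Conditions validity window in minutes (no signature check)."""
    root = ET.fromstring(assertion_xml)
    # Match on the local name so any namespace prefix (or none) works.
    cond = next((e for e in root.iter()
                 if e.tag.rsplit("}", 1)[-1] == "Conditions"), None)
    if cond is None:
        raise ValueError("no Conditions element found")
    try:
        start = parse_saml_time(cond.attrib["NotBefore"])
        end = parse_saml_time(cond.attrib["NotOnOrAfter"])
    except KeyError as missing:
        raise ValueError(f"Conditions lacks {missing}") from None
    if end <= start:
        raise ValueError("NotOnOrAfter is not later than NotBefore")
    return (end - start).total_seconds() / 60


if __name__ == "__main__":
    print(token_lifetime_minutes(SAMPLE_ASSERTION))
```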

Note: Don't confuse this with the ADFS-wide WebSSOLifetime, which is a server-wide timeout parameter rather than a per-RP setting.

The default value for that = 8 hours = 480 minutes.

Enjoy!

4 comments:

Ulrik said...

This seriously helped me. Like you, I had to go through a heap of garbage and misinformation. Thanks!

Ulrik said...

Thanks a lot! Like you, I had to go through a heap of misinformation.

Pete C said...

Wow, thank you, this also saved me a ton of time!

KeithwNZ said...

Ditto !!!!