We have an on-prem SharePoint 2013 setup with SAML authentication.
- SAML token expires in 5 minutes.
- Session cookie expires in 5 hours.
- Logon token cache on SharePoint is 1 minute.
Scenario:
- The user starts a new session and requests the SharePoint site.
- The browser is redirected to the authentication provider, then redirected back to SharePoint presenting the SAML token.
- SharePoint accepts the token and provides the user with a 5-hour session cookie.
- If the user performs a search within the SAML token's 5-minute lifetime, the search application works.
- If the user tries to search after the SAML token's 5-minute lifetime, the search application returns:
ID4223: The SamlSecurityToken is rejected because the SamlAssertion.NotOnOrAfter condition is not satisfied. NotOnOrAfter: '8/25/2015 5:17:19 PM' Current time: '8/25/2015 5:46:57 PM' ID3242: The security token could not be authenticated or authorized.
Shouldn't SharePoint send the user back to the authentication provider to re-authenticate? Any suggestion on configuration is appreciated. Thank you.
- Edited by Tak Wan 11 hours 56 minutes ago
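As an added example that is not part of the original post: a small Python helper that parses the ID4223 message quoted above and checks its two timestamps against the lifetimes the poster lists, which is useful when triaging ULS logs for this symptom. It assumes the assertion's NotBefore is NotOnOrAfter minus the 5-minute token lifetime and that the session cookie was issued at that moment; the sample log line is constructed from the post.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: the ID4223 message from the post, as it appears in a ULS log entry.
SAMPLE_ERROR = (
    "ID4223: The SamlSecurityToken is rejected because the SamlAssertion.NotOnOrAfter "
    "condition is not satisfied. NotOnOrAfter: '8/25/2015 5:17:19 PM' "
    "Current time: '8/25/2015 5:46:57 PM' ID3242: The security token could not be "
    "authenticated or authorized."
)

# Lifetimes as stated in the post (assumed to be the effective values on the farm).
SAML_TOKEN_LIFETIME = timedelta(minutes=5)
SESSION_COOKIE_LIFETIME = timedelta(hours=5)

_TS = r"'(\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)'"
_RE = re.compile(r"NotOnOrAfter: " + _TS + r" Current time: " + _TS)


def parse_id4223(message):
    """Return (not_on_or_after, current_time) from an ID4223 message, or None if absent."""
    m = _RE.search(message)
    if not m:
        return None
    fmt = "%m/%d/%Y %I:%M:%S %p"
    return datetime.strptime(m.group(1), fmt), datetime.strptime(m.group(2), fmt)


def diagnose(message, token_lifetime=SAML_TOKEN_LIFETIME,
             cookie_lifetime=SESSION_COOKIE_LIFETIME):
    """Explain a token rejection that happened while the user still held a valid session.

    Assumption: the assertion's NotBefore is NotOnOrAfter - token_lifetime and the
    session cookie was issued at that same moment.
    """
    parsed = parse_id4223(message)
    if parsed is None:
        return {"matched": False}
    not_on_or_after, now = parsed
    issued_at = not_on_or_after - token_lifetime
    cookie_expires = issued_at + cookie_lifetime
    return {
        "matched": True,
        "token_expired_by": now - not_on_or_after,
        # True means SharePoint had no reason to redirect to the IdP at this time.
        "cookie_still_valid": issued_at <= now < cookie_expires,
        # Window in which the session lives on but the cached assertion is already
        # stale for any component (such as search) that re-validates it.
        "stale_window": cookie_lifetime - token_lifetime,
    }
```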