SharePoint 2013 Search Application is not forcing user to reauthenticate, shows access denied.

We have an on-prem SharePoint 2013 setup with SAML authentication.

  • SAML Token expires in 5 mins.
  • Session Cookie expires in 5 hours.
  • Login Token Cache on SharePoint is 1 min.

Scenario:

  1. User starts a new session and requests the SharePoint site.
  2. Browser is redirected to the Authentication provider, and browser is redirected back to SharePoint presenting the SAML Token.
  3. SharePoint accepts the token and provides the user with a 5-hour session cookie.
  4. If the user performs a search within the SAML Token's 5-min lifetime, the search application will work.
  5. If the user tries to search after the SAML Token's 5-min lifetime, the search application returns:
ID4223: The SamlSecurityToken is rejected because the SamlAssertion.NotOnOrAfter condition is not satisfied. NotOnOrAfter: '8/25/2015 5:17:19 PM' Current time: '8/25/2015 5:46:57 PM'
ID3242: The security token could not be authenticated or authorized.

Shouldn't SharePoint send the user back to the Authentication provider to re-authenticate? Any suggestion on configuration is appreciated. Thank you.

  • Edited by Tak Wan Wednesday, August 26, 2015 7:23 PM
August 26th, 2015 7:21pm
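
An added example, not part of the original post: a small triage helper that parses ID4223 messages like the one quoted above and reports how far past `NotOnOrAfter` each token was when it was presented, and whether that falls inside the session cookie lifetime. The function name, the 1-minute skew tolerance, the verdict strings and the second sample line are assumptions made for illustration; the token age is estimated as expiry minus the 5-minute lifetime from the post.

```python
import re
from datetime import datetime, timedelta

# Matches the ID4223 message text as quoted in the post.
ID4223 = re.compile(
    r"ID4223:.*?NotOnOrAfter: '(?P<expiry>[^']+)'\s+Current time: '(?P<seen>[^']+)'"
)
STAMP = "%m/%d/%Y %I:%M:%S %p"  # e.g. 8/25/2015 5:17:19 PM


def stale_token_events(lines,
                       token_lifetime=timedelta(minutes=5),   # from the post
                       session_lifetime=timedelta(hours=5),   # from the post
                       skew=timedelta(minutes=1)):            # assumed tolerance
    """Return one record per ID4223 line: how overdue the token was and why."""
    events = []
    for line in lines:
        m = ID4223.search(line)
        if m is None:
            continue  # other messages (e.g. ID3242) carry no timestamps
        expiry = datetime.strptime(m["expiry"], STAMP)
        seen = datetime.strptime(m["seen"], STAMP)
        overdue = seen - expiry
        # Estimated time since issuance, assuming NotOnOrAfter = issue + lifetime.
        age = overdue + token_lifetime
        if overdue <= skew:
            verdict = "possible clock skew"
        elif age < session_lifetime:
            verdict = "expired token reused inside live session"
        else:
            verdict = "expired token, session cookie also expired"
        events.append({"overdue": overdue, "age": age, "verdict": verdict})
    return events


SAMPLE = [
    # First and third lines are the messages quoted in the post.
    "ID4223: The SamlSecurityToken is rejected because the SamlAssertion.NotOnOrAfter "
    "condition is not satisfied. NotOnOrAfter: '8/25/2015 5:17:19 PM' "
    "Current time: '8/25/2015 5:46:57 PM'",
    # Constructed line: token presented 30 seconds after expiry.
    "ID4223: The SamlSecurityToken is rejected because the SamlAssertion.NotOnOrAfter "
    "condition is not satisfied. NotOnOrAfter: '8/25/2015 11:59:50 AM' "
    "Current time: '8/25/2015 12:00:20 PM'",
    "ID3242: The security token could not be authenticated or authorized.",
]

if __name__ == "__main__":
    for event in stale_token_events(SAMPLE):
        print(event["overdue"], event["age"], event["verdict"])
```

For the message in the post this reports a token 29 minutes 38 seconds past expiry, well within the 5-hour session, which matches the scenario in steps 3 to 5.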
