
Configurable Token Lifetime policy is not working #43080

Closed
kamranbashir opened this issue Nov 18, 2019 · 6 comments

Comments


kamranbashir commented Nov 18, 2019

The purpose is to set up an inactive user's session timeout after 15 mins of inactivity.
We have two web apps running on local IIS (it should/must behave the same in the MS Azure cloud):

No.1 MVC web application (here we need the inactive user's timeout to happen after 15 mins)
No.2 MVC REST API

What we have to do is create a new policy and assign it to a Service principal object.

Using steps 1-6 mentioned below creates the required object in Azure.

1. Download the latest Azure AD PowerShell Module Public Preview release.

2. Run the Connect command to sign in to your Azure AD admin account. Run this command each time you start a new session.
Connect-AzureAD -Confirm

3. Create the new policy
New-AzureADPolicy -Definition @('{"TokenLifetimePolicy":{"Version":1, "AccessTokenLifetime":"00:15:00","MaxInactiveTime":"00:15:00","MaxAgeSingleFactor":"01:00:00", "MaxAgeSessionSingleFactor":"01:00:00"}}') -DisplayName "KBTokenLifetimePolicy" -IsOrganizationDefault $true -Type "TokenLifetimePolicy"

4. Find the desired Azure AD B2C - Applications (Service principal object) ObjectId
Get-AzureADServicePrincipal -Filter "DisplayName eq 'MultitenentPortal'"
ObjectId   AppId   DisplayName

5. List policies and get the ObjectId for the KBTokenLifetimePolicy policy
Get-AzureADPolicy
Id   DisplayName   Type   IsOrganizationDefault
--   -----------   ----   ---------------------

6. To add the policy to the web Azure AD B2C - Applications (Service principal object):
Add-AzureADServicePrincipalPolicy -Id -RefObjectId

Result: so far the application does not time out. After a 15 min inactive period it still continues to navigate between pages and show data from the API.


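The six steps above collected into one script, as an added example that is not part of the original post. It captures the two object IDs from the cmdlets instead of pasting them, scopes the policy to the one service principal rather than making it the organization default, and adds the read-back check the post lacks (Get-AzureADServicePrincipalPolicy). It assumes the AzureADPreview module and the display name 'MultitenentPortal' from the post. Two caveats a practitioner should know before expecting a 15-minute idle logout from this: TokenLifetimePolicy governs tokens issued by the Azure AD endpoint, while a B2C user flow such as b2csigninpolicyV1 takes its token and session lifetimes from the user flow's own settings; and MaxInactiveTime only limits the refresh token, so an MVC app that keeps the user signed in with its own authentication cookie stays signed in for the cookie's lifetime regardless of this policy.

```powershell
# Added example, not the original poster's script. Assumes AzureADPreview
# and an admin sign-in; 'MultitenentPortal' is the display name from the post.
Import-Module AzureADPreview
Connect-AzureAD

# Build the policy definition from a hashtable so the JSON cannot be mis-quoted.
# Lifetimes are d.hh:mm:ss strings, exactly as in the post.
$definition = [ordered]@{
    TokenLifetimePolicy = [ordered]@{
        Version                   = 1
        AccessTokenLifetime       = "00:15:00"
        MaxInactiveTime           = "00:15:00"
        MaxAgeSingleFactor        = "01:00:00"
        MaxAgeSessionSingleFactor = "01:00:00"
    }
} | ConvertTo-Json -Compress -Depth 3

# Step 3: create the policy. $false keeps it scoped to the service principal it is
# attached to; the post used $true, which applies it to every app in the tenant.
$policy = New-AzureADPolicy -Definition @($definition) `
    -DisplayName "KBTokenLifetimePolicy" `
    -IsOrganizationDefault $false `
    -Type "TokenLifetimePolicy"

# Step 4: find the service principal; stop here rather than attach to $null.
$sp = Get-AzureADServicePrincipal -Filter "DisplayName eq 'MultitenentPortal'"
if (-not $sp) { throw "Service principal 'MultitenentPortal' not found in this tenant" }

# Step 5 is unnecessary once the Id is captured from New-AzureADPolicy above.

# Step 6: attach. -Id is the service principal ObjectId, -RefObjectId the policy Id.
Add-AzureADServicePrincipalPolicy -Id $sp.ObjectId -RefObjectId $policy.Id

# Read-back check the post does not include: confirm the policy is really attached.
$attached = Get-AzureADServicePrincipalPolicy -Id $sp.ObjectId
if (-not ($attached | Where-Object { $_.Id -eq $policy.Id })) {
    throw "KBTokenLifetimePolicy is not attached to $($sp.DisplayName)"
}
$attached | Select-Object Id, DisplayName, Type, Definition
```

If the read-back passes and the app still never re-prompts, the policy is in place and the remaining gap is the app's own session handling, which this script does not touch.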

@Alberto-Vega (Contributor)

@kamranbashir I'm sorry to hear that you are facing this issue. Would you please share the link to the document that you are following?
If this is not documentation feedback, would you please create a question on developer forums like StackOverflow and MSDN? Unlike here, there is a developer community plus the engineering team that can help you.


kamranbashir commented Nov 19, 2019

Issue also raised with the MS Azure team / Microsoft support.
Support request number: 119111922000009

@Alberto-Vega-MSFT FYI, here is the well-known Azure documentation LINK:
https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-configurable-token-lifetimes

I am using it for my B2C tenant.
The "user must reauthenticate" case never happens; it silently acquires a new session.
If someone needs it I can send a Fiddler .saz file.
Thanks

b2csigninpolicyV1

My personal opinion: @MarileeTurscak-MSFT is also a great MS expert to advise in this matter.

Reference StackOverflow:
https://stackoverflow.com/questions/49067562/azure-ad-b2c-logout-after-session-timeout


kamranbashir commented Nov 19, 2019

Even tried "MaxInactiveTime":"00:10:00". Full detail about the policy is mentioned below.
After 17 mins of inactivity in the user's session: the "user must reauthenticate" case never happens!!! Frustrated.

If you read the definition mentioned below, it's all lies, it never happens!!
Refresh Token Max Inactive Time
String: MaxInactiveTime

Affects: Refresh tokens

Summary: This policy controls how old a refresh token can be before a client can no longer use it to retrieve a new access/refresh token pair when attempting to access this resource. Because a new refresh token usually is returned when a refresh token is used, this policy prevents access if the client tries to access any resource by using the current refresh token during the specified period of time.

This policy forces users who have not been active on their client to reauthenticate to retrieve a new refresh token.

The Refresh Token Max Inactive Time property must be set to a lower value than the Single-Factor Token Max Age and the Multi-Factor Refresh Token Max Age properties.

Our custom policy

New-AzureADPolicy -Definition @('{"TokenLifetimePolicy":{
"Version":1,
"AccessTokenLifetime":"00:14:00",
"MaxInactiveTime":"00:10:00",
"MaxAgeSingleFactor":"1.00:00:00",
"MaxAgeSessionSingleFactor":"00:59:00",
"MaxAgeSessionMultiFactor":"00:59:00"
}}') -DisplayName "TokenLifetimeDefaultPolicy" -IsOrganizationDefault $true -Type "TokenLifetimePolicy"

@Alberto-Vega (Contributor)

@kamranbashir I looked at the support ticket and I see that the support engineer is asking you for some information. Can you please engage there? She should be able to help you solve your problem. There is no point in having this open also in the docs since you are getting help there. Closing this issue for now.
