I am creating a single page application (SPA) with ASP.Net MVC3 and ADFS (using passive federation). Everything is working as expected with the exception of what I will call "re-authentication from ADFS". Periodically (less than 30 minutes), the website will attempt to re-authenticate the user with the STS. This would be fine, however the web application is built as a single page application so we never reload the page once it is loaded. Furthermore, the re-authentication request often occurs during an ajax call.
ADFS has the default settings for WebSSOLifetime and TokenLifetime.
Is there a way to either: a) Re-authenticate the user silently in the background from the javascript (perhaps with creative use of CORS and/or JSONP)? or b) Extend the time between re-authentication requests? or c) something else?
Regarding b) it seems like I can set persistentCookiesOnPassiveRedirects="true" and then inside the cookieHandler set the persistentSessionLifetime to a desired value.
<wsFederation persistentCookiesOnPassiveRedirects="true" passiveRedirectEnabled="true" issuer="xxx" realm="yyy" requireHttps="true" />
<cookieHandler requireSsl="true" persistentSessionLifetime="0.8:0:0" path="/" />
However, I'd prefer to not use persistent cookies.
Lastly, I have played with the Freshness setting described here ("How to set the timeout properly when federating with the ADFS 2.0") without success.
Any help would be greatly appreciated.
Regarding b), the setting you want is the Token Lifetime. You can update this value using the Set-AdfsRelyingPartyTrust PowerShell script:
Set-AdfsRelyingPartyTrust -TargetName "My App" -TokenLifetime 120
The value for token lifetime is in minutes. The default value (0) for AD FS 2.0 is 60 minutes.
As for a), the only method I know of is to catch the exception that is thrown by the ajax call and refresh your single page.
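To show what "catch the exception from the ajax call and refresh the page" looks like in practice, here is an added example (not code from the question or the answer above) of a small fetch wrapper for a WS-Federation protected SPA. When the federated session cookie has expired, the MVC application answers an ajax request with a redirect to the ADFS sign-in page; fetch() follows it silently, so the SPA receives an HTML login form instead of JSON (or an opaque redirect if `redirect: 'manual'` is used), and the usual failure is a JSON parse error. The wrapper classifies that case explicitly and hands control to a reload callback rather than letting the parse error surface. The STS origin `https://adfs.example.com`, the API URL and the `fakeResponse` stand-in are assumptions made so the example runs offline; a real `Response` from fetch() exposes the same fields.

```javascript
// Added example, not part of the original question or answer.
// Assumption: the STS lives at this placeholder origin; the real value is the
// ADFS host the web app's <wsFederation issuer="..."> points at.
const STS_ORIGIN = "https://adfs.example.com";

// Decide whether a fetch Response is really the ADFS sign-in page (or a
// redirect to it) rather than the API result the SPA asked for.
function needsReauthentication(response, stsOrigin = STS_ORIGIN) {
  // With fetch(url, { redirect: "manual" }) the 302 to the STS surfaces as an
  // opaque redirect instead of being followed.
  if (response.type === "opaqueredirect") return true;
  // With the default redirect mode fetch followed the 302: the final URL is
  // now on the STS origin.
  if (response.redirected && new URL(response.url).origin === stsOrigin) return true;
  // Fallback heuristic: an API call that comes back as text/html with 200 is
  // a login form (possibly rewritten by a proxy), not the JSON we requested.
  const contentType = (response.headers && response.headers.get("content-type")) || "";
  if (response.ok && contentType.includes("text/html")) return true;
  return false;
}

// Wrapper the SPA uses instead of calling fetch() directly. `fetchImpl` is
// injectable so the example can run without a network; in the browser the
// default globalThis.fetch is used. `onReauthRequired` is where the caller
// reloads the page, e.g. () => window.location.reload().
async function fetchJson(url, { fetchImpl = globalThis.fetch, onReauthRequired, ...init } = {}) {
  const response = await fetchImpl(url, { credentials: "same-origin", ...init });
  if (needsReauthentication(response)) {
    if (typeof onReauthRequired === "function") onReauthRequired();
    throw new Error("re-authentication required");
  }
  return response.json();
}

// Constructed stand-in for a fetch Response so the example is self-contained.
// A real Response has the same status/url/redirected/type/ok/headers/json members.
function fakeResponse({ status = 200, url = "https://app.example.com/api/items",
                        redirected = false, type = "basic",
                        contentType = "application/json", body = "{}" } = {}) {
  return {
    status, url, redirected, type,
    ok: status >= 200 && status < 300,
    headers: new Map([["content-type", contentType]]),
    json: async () => JSON.parse(body),
  };
}

// Constructed samples: what the SPA sees after the session expired (fetch
// followed the 302 to the WS-Federation sign-in endpoint) versus a normal result.
const stsLoginPage = fakeResponse({
  url: STS_ORIGIN + "/adfs/ls/?wa=wsignin1.0&wtrealm=yyy",
  redirected: true, contentType: "text/html", body: "<html>sign in</html>",
});
const apiResult = fakeResponse({ body: '{"items":[1,2,3]}' });

// Runs the wrapper against a constructed fetch and reports whether a reload was
// requested; returns a promise of { reloaded, data } for inspection.
async function demo(response) {
  let reloaded = false;
  try {
    const data = await fetchJson("/api/items", {
      fetchImpl: async () => response,
      onReauthRequired: () => { reloaded = true; },
    });
    return { reloaded, data };
  } catch (e) {
    return { reloaded, data: null, error: e.message };
  }
}

demo(stsLoginPage).then(r => console.log("expired session:", r));
demo(apiResult).then(r => console.log("valid session:", r));
```

The wrapper does not try to re-authenticate silently (option a) of the question): a cross-origin XHR or fetch to the STS cannot complete the passive WS-Federation POST back to the relying party, so a full page reload is the recovery path, which is why the check is made explicit before any JSON parsing.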