SAML Autopost Frequency

Agent for SharePoint Guide › Install and Configure the CA SiteMinder Agent for SharePoint › Manage SharePoint Connections Using the SharePoint Connection Wizard › SAML Autopost Frequency

SAML Autopost Frequency

The following settings determine the frequency at which a SAML autopost operation occurs in your SiteMinder and SharePoint environments:

Skew time (set in the SharePoint Connection wizard)
Validity duration (set in the SharePoint Connection wizard)
Logon Token Cache Expiration window (set in SharePoint)

If these settings create a short interval, pop-up windows related to the autopost operation appear. If these settings create a longer interval, inactive users remain logged in for longer periods than the security policies of your organization prefer.

The following illustration describes the relationships among components that affect how often the SAML autopost occurs:

The skew time plus the validity interval should equal the LoginCacheExpriationWindow value plus one minute

The following table provides some examples of how changes in the Login Cache Token value on SharePoint change how often the SAML autopost occurs:

SiteMinder				SharePoint	Approximate Time Between SAML Auto Post Operations

Realm Idle Timeout	Realm Max Timeout	Validity Period	Skew Time	Logon Token Cache Expiration Window	Approximate Time Between SAML Auto Post Operations
1 hour	1 hour	4400 seconds (1 hour 13 minutes)	10 seconds	10 minutes	63 minutes
1 hour	1 hour	4400 seconds (1 hour 13 minutes)	10 seconds	5 minutes	68 minutes

When the Logon Token Cache Expriation Window setting in SharePoint is lower, the SAML autopost operation occurs less often. However, inactive users could possibly remain logged in.

Note: For more information about how to disable FedAuth cookies in SharePoint 2010, go to the technet blogs website, and then search for the following phrase:

"Setting the Login Token Expiration Correctly for SharePoint 2010 SAML Claims Users"