The following settings determine the frequency at which a SAML autopost operation occurs in your SiteMinder and SharePoint environments:
If these settings create a short interval, pop-up windows related to the autopost operation appear. If these settings create a longer interval, inactive users remain logged in for longer periods than the security policies of your organization prefer.
The following illustration describes the relationships among components that affect how often the SAML autopost occurs:
The following table provides some examples of how changes in the Login Cache Token value on SharePoint change how often the SAML autopost occurs:
SiteMinder
|
SharePoint |
Approximate Time Between SAML Auto Post Operations
|
|||
---|---|---|---|---|---|
Realm Idle Timeout |
Realm Max Timeout |
Validity Period |
Skew Time |
Logon Token Cache Expiration Window |
|
1 hour |
1 hour |
4400 seconds (1 hour 13 minutes) |
10 seconds |
10 minutes |
63 minutes |
1 hour |
1 hour |
4400 seconds (1 hour 13 minutes) |
10 seconds |
5 minutes |
68 minutes |
When the Logon Token Cache Expriation Window setting in SharePoint is lower, the SAML autopost operation occurs less often. However, inactive users could possibly remain logged in.
Note: For more information about how to disable FedAuth cookies in SharePoint 2010, go to the technet blogs website, and then search for the following phrase:
"Setting the Login Token Expiration Correctly for SharePoint 2010 SAML Claims Users"
Copyright © 2013 CA.
All rights reserved.
|
|