Wednesday, November 28, 2012

SAML webapp and rtfa cookie Log out issue SharePoint 2010

Scenario: Today I came across an issue on a SAML-enabled multi-authentication web application in SharePoint 2010. When I log in as a SAML user and then try to Log out or Sign in as a different user, it does not log me out; that is, it does not redirect to the appropriate STS login page.

Solution: The fix for this is two-fold. One part has to be done on ADFS by running the script below:

Set-ADFSRelyingPartyTrust -TargetName "SPS 2010 ADFS" -TokenLifetime 5

and the other script must be run on the SharePoint farm as below:-

$sts = Get-SPSecurityTokenServiceConfig
$sts.LogonTokenCacheExpirationWindow = (New-TimeSpan -Minutes 1)
$sts.Update()
Iisreset

Detailed information can be found in Steve Peschka's blog:-
Note: "TokenLifeTime" value must be greater than "LogonTokenCacheExpirationWindow".
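The following is an added example (not the original post's script) that applies the SharePoint side of the fix only after checking the rule in the note above. Because the ADFS cmdlets run on the ADFS server rather than on the farm, the TokenLifetime value set there is passed in as a parameter; the default values are the ones used in the post, and the parameter names are my own.

```powershell
# Added example, not from the original post. Run in the SharePoint 2010 Management Shell
# on a farm server. It enforces the post's rule (ADFS TokenLifetime must be greater than
# LogonTokenCacheExpirationWindow) before changing the STS configuration, and re-reads
# the setting afterwards to confirm it persisted before restarting IIS.
param(
    # Minutes passed to Set-ADFSRelyingPartyTrust -TokenLifetime on the ADFS server.
    [int]$AdfsTokenLifetimeMinutes = 5,
    # Minutes to set for LogonTokenCacheExpirationWindow on the SharePoint farm.
    [int]$CacheWindowMinutes = 1
)

# Load the SharePoint snap-in if the script is not started from the Management Shell.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$window = New-TimeSpan -Minutes $CacheWindowMinutes

# Rule from the post: TokenLifetime must be greater than LogonTokenCacheExpirationWindow.
if ($window.TotalMinutes -ge $AdfsTokenLifetimeMinutes) {
    throw ("LogonTokenCacheExpirationWindow ({0} min) must be smaller than the ADFS TokenLifetime ({1} min)." -f `
        $window.TotalMinutes, $AdfsTokenLifetimeMinutes)
}

$sts = Get-SPSecurityTokenServiceConfig
Write-Host ("Current LogonTokenCacheExpirationWindow: {0}" -f $sts.LogonTokenCacheExpirationWindow)

$sts.LogonTokenCacheExpirationWindow = $window
$sts.Update()

# Re-read the configuration object to confirm the new window was saved.
$check = Get-SPSecurityTokenServiceConfig
if ($check.LogonTokenCacheExpirationWindow -ne $window) {
    throw "LogonTokenCacheExpirationWindow was not updated; IIS was not restarted."
}
Write-Host ("New LogonTokenCacheExpirationWindow: {0}" -f $check.LogonTokenCacheExpirationWindow)

# Restart IIS so the security token service picks up the new window.
iisreset
```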