ADFS 3.0 – Extend Login-Token Lifetime

Without further configuration, the lifetime of a login token in ADFS is very limited. To avoid constant re-logins, we need to extend the lifetime using PowerShell.

First we need the display name of the relying party trust. To find it, open ADFS Management and navigate to ADFS -> Trust Relationships -> Relying Party Trusts.

Then we execute the following one-liner in the PowerShell console:

Get-ADFSRelyingPartyTrust -Name "[Display Name]" | Set-ADFSRelyingPartyTrust -TokenLifetime 720

The “-TokenLifetime” parameter sets the lifetime in minutes. In our case, we have set the lifetime to 12 hours.

The change applies immediately, and all tokens issued from now on will have the extended lifetime.
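To check which relying party trusts carry an extended lifetime before and after the change, the following added example (not part of the original post) reports the effective value per trust. The function name Get-RptTokenLifetimeReport and the 480-minute review threshold are hypothetical, and the script assumes that a TokenLifetime of 0 means the ADFS default of 60 minutes.

```powershell
# Added example: report the effective token lifetime of relying party trusts.
# Assumption: a TokenLifetime of 0 means the ADFS default of 60 minutes.
function Get-RptTokenLifetimeReport {
    [CmdletBinding()]
    param(
        # Objects with Name and TokenLifetime properties,
        # for example the output of Get-ADFSRelyingPartyTrust
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Trust,

        # Hypothetical review threshold in minutes; choose one that fits your policy
        [int]$MaxMinutes = 480
    )
    process {
        # Translate the stored value into the lifetime that is actually applied
        $effective = if ($Trust.TokenLifetime -eq 0) { 60 } else { [int]$Trust.TokenLifetime }

        [pscustomobject]@{
            Name             = $Trust.Name
            ConfiguredMin    = [int]$Trust.TokenLifetime
            EffectiveMin     = $effective
            EffectiveHours   = [math]::Round($effective / 60, 1)
            ExceedsThreshold = $effective -gt $MaxMinutes
        }
    }
}

# Constructed sample data so the function can be tried without an ADFS server
$sample = @(
    [pscustomobject]@{ Name = 'Sample App A'; TokenLifetime = 0 }
    [pscustomobject]@{ Name = 'Sample App B'; TokenLifetime = 720 }
    [pscustomobject]@{ Name = 'Sample App C'; TokenLifetime = 21600 }
)
$sample | Get-RptTokenLifetimeReport | Format-Table -AutoSize

# On the ADFS server itself, list only the trusts above the threshold:
# Get-ADFSRelyingPartyTrust | Get-RptTokenLifetimeReport | Where-Object ExceedsThreshold
```

A token stays valid for its whole lifetime once issued, so the trusts flagged here are the ones worth reviewing first.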

2 comments

  1. Hi, what is the maximum value for the “TokenLifeTime” parameter?
    I have tried to set it to 44640, corresponding to 31 days, but no result.
    Apparently the value 21600 (15 days) is working.
    Thanks in advance.

    1. Hi, it seems like this isn’t documented by Microsoft’s TechNet. I never had the need to extend the value that much, so unfortunately I don’t have an answer for you here.
      I guess you can try it by taking always the mean value of the last “works” and “works not”-value to determine the max value quite fast. Sorry that I can’t give you a better answer here. If you decide to figure out the maximum value, I’d be happy if you share the answer with us 🙂
