Druva Documentation

Login fails with SSO after timeout from Druva console with ADFS as IdP

This article applies to:

  • Product edition: Phoenix

Problem description

A Phoenix administrator fails to log in to the Phoenix Management Console using SSO credentials with ADFS as the IdP after the console session has timed out due to inactivity. The administrator has to wait for some time before logging in again from the organization's SSO page.

Cause

The relying party object on the ADFS server has a property called “TokenLifetime”. The default value of “TokenLifetime” in ADFS is 480 min. If the admin changes the TokenLifetime value to 0 (zero) while configuring ADFS, this issue may occur.

Resolution

This resolution works for ADFS on Windows 2012; steps may vary for other versions of Windows Server.

  1. Run PowerShell as an administrator.
  2. Add ADFS snap-in to Windows PowerShell session.

    PS > Add-PSSnapin Microsoft.Adfs.PowerShell
  3. Check the values set for the relying party object.

    PS > Get-ADFSRelyingPartyTrust -Name "relying_party"
  4. Set the “TokenLifetime” to default.

    PS > Set-ADFSRelyingPartyTrust -Targetname "relying_party" -TokenLifetime 480
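
The steps above can be combined into one guarded function that changes the value only when it is 0 and then re-reads the trust to confirm the result. This is an added example, not Druva's own code; the function name `Reset-RelyingPartyTokenLifetime` and its parameters are hypothetical, and "relying_party" is the placeholder name used in the steps.

```powershell
# Added example (not from the original article). The function name and its
# parameters are assumptions; the cmdlets and the 480 value come from the steps above.
function Reset-RelyingPartyTokenLifetime {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Display name of the relying party trust, e.g. "relying_party"
        [Parameter(Mandatory = $true)]
        [string]$Name,

        # Lifetime in minutes to apply; 480 is the value the article sets
        [ValidateRange(1, [int]::MaxValue)]
        [int]$Minutes = 480
    )

    # Step 2: load the ADFS cmdlets if they are not already in the session
    if (-not (Get-Command Get-ADFSRelyingPartyTrust -ErrorAction SilentlyContinue)) {
        Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction Stop
    }

    # Step 3: read the current settings and stop if the trust does not exist
    $trust = Get-ADFSRelyingPartyTrust -Name $Name
    if (-not $trust) {
        throw "No relying party trust named '$Name' was found."
    }
    Write-Verbose "Current TokenLifetime for '$Name': $($trust.TokenLifetime)"

    # Only a value of 0 is the condition described in the Cause section;
    # any other configured lifetime is reported and left unchanged.
    if ($trust.TokenLifetime -ne 0) {
        return $trust | Select-Object Name, TokenLifetime
    }

    # Step 4: apply the new lifetime (honours -WhatIf and -Confirm)
    if ($PSCmdlet.ShouldProcess($Name, "Set TokenLifetime to $Minutes")) {
        Set-ADFSRelyingPartyTrust -TargetName $Name -TokenLifetime $Minutes
    }

    # Re-read the trust so the caller sees the value actually stored
    Get-ADFSRelyingPartyTrust -Name $Name | Select-Object Name, TokenLifetime
}

# Dry run: shows what would change without modifying the trust
Reset-RelyingPartyTokenLifetime -Name "relying_party" -WhatIf -Verbose
```

Remove `-WhatIf` from the last line to apply the change.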