Login fails with SSO after timeout from Druva console with ADFS as IdP
This article applies to:
- Product edition: Phoenix
A Phoenix administrator fails to log in to the Phoenix Management Console using SSO credentials with ADFS as IdP after the console session has timed out due to inactivity. The admin has to wait for some time before logging in again from the organization's SSO page.
The relying party object on the ADFS server has a property called “TokenLifetime”. The default value of “TokenLifetime” in ADFS is 480 min. If the admin changes the TokenLifetime value to 0 (zero) while configuring ADFS, this issue may occur.
This resolution works for ADFS on Windows 2012; steps may vary for other versions of Windows Server.
- Run PowerShell as an administrator.
- Add ADFS snap-in to Windows PowerShell session.
PS > Add-PSSnapin Microsoft.Adfs.PowerShell
- Check the values set for the relying party object.
PS > Get-ADFSRelyingPartyTrust -Name "relying_party"
- Set the “TokenLifetime” to default.
PS > Set-ADFSRelyingPartyTrust -Targetname "relying_party" -TokenLifetime 480
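The steps above can be combined into one guarded function that reads the current value, changes it only when it is 0, and reads it back afterwards. This is an added example, not a script from Druva or Microsoft; the function name Reset-RelyingPartyTokenLifetime is hypothetical, and "relying_party" is the placeholder name used in the steps above.

```powershell
# Added example (hypothetical helper, not vendor code).
# Run in an elevated PowerShell session on the ADFS server.
function Reset-RelyingPartyTokenLifetime {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$Name,
        [int]$Minutes = 480   # value the article sets in its last step
    )

    # Load the ADFS cmdlets if this session does not have them yet.
    if (-not (Get-Command Get-ADFSRelyingPartyTrust -ErrorAction SilentlyContinue)) {
        Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction Stop
    }

    $trust = Get-ADFSRelyingPartyTrust -Name $Name
    if (-not $trust) {
        throw "No relying party trust named '$Name' was found."
    }

    # Record the value before any change so it can be restored if needed.
    $before = $trust.TokenLifetime
    Write-Output "TokenLifetime for '$Name' before change: $before"

    # Only touch the trust when it has the zero value the article describes.
    if ($before -ne 0) {
        Write-Output "TokenLifetime is not 0; nothing changed."
        return
    }

    # ShouldProcess makes -WhatIf and -Confirm work on this function.
    if ($PSCmdlet.ShouldProcess($Name, "Set TokenLifetime to $Minutes")) {
        Set-ADFSRelyingPartyTrust -TargetName $Name -TokenLifetime $Minutes

        # Read the value back to confirm the change was stored.
        $after = (Get-ADFSRelyingPartyTrust -Name $Name).TokenLifetime
        if ($after -ne $Minutes) {
            throw "TokenLifetime is $after after the update, expected $Minutes."
        }
        Write-Output "TokenLifetime for '$Name' is now $after."
    }
}

# Dry run first; remove -WhatIf to apply the change.
Reset-RelyingPartyTokenLifetime -Name "relying_party" -WhatIf
```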