FedAuth Cookie intermittently set as persistent cookie

Similar Messages

• FedAuth cookie expiration ADFS in SharePoint 2010

  I have the follow situation: TokenLifetime on ADFS STS  for SharePoint setted for 10 hours and the LogonTokenCacheExpirationWindow  on SharePoint setted to 1 minute.
  But I see from time to time that after 2 hour user may be redirected to ADFS STS. We have NLB on our solution, may be SPTokenCache not adopted to work with NLB? The Affinity on the NLB Servers is set with single. We have users
  randomly be redirected back to a login page. We make use of Persistent cookies.
  Sometimes the users end up in an authentication loop that causes ADFS to halt the request because of a perceived denial of service (DOS) attack, as the note states.
  If i look at a trace of the activity, i see SharePoint setting the fedauth cookie has an expired value, and start making the requests again to ADFS, which then, for reasons which are still unclear to me, either won’t issue
  you a non-expired cookie, or SharePoint looks at and transforms it to an expired cookie.  That’s what kicks off that DOS cycle I described above. 
  I don't get it because i USE SINGLE AFFINITY WITH WINDOWS LOAD BALANCER! Please help :(
  jtjscholten

  Hi  jtjscholten,
  Before sending a new FEDAUTH cookie back to the user’s browser, SharePoint calculates the expiration of the cookie with the following formula:
  SAML Token Lifetime – Logon Token Cache Expiration Window
  For example, if ADFS sets the SAML Token Lifetime to 10 minutes and Logon Token Cache Expiration Window is set in the STS as 2 minutes then the overall SharePoint session lifespan is 8 minutes.
  And if (TokenLifeTime - LogonTokenCacheExpirationWindow) =< 0 then you get a loop.
  For your issue, please take steps as below:
  Try below command on ADFS server:
  Add-PSSnapin Microsoft.ADFS.PowerShell
  Set-AdfsRelyingPartyTrust –TargetName "[ourrelayingpartytrustreference]" –TokenLifeTime 10
  Stop and start the ADFS server(do not restart it. Manually stop and start it)
  Then run below command on sharepoint server
  $sts = Get-SPSecurityTokenServiceConfig
  $sts.LogonTokenCacheExpirationWindow = (New-Timespan -Minutes 1)
  $sts.Update()
  iisreset
  Reference:
  http://social.technet.microsoft.com/Forums/en-US/f8d0fa27-2044-47c1-8dbd-0cf6dfb49942/fedauth-cookie-intermittently-set-as-persistent-cookie?forum=sharepointadmin
  http://msdn.microsoft.com/en-us/library/hh147183.aspx
  http://technet.microsoft.com/en-us/library/jj219795(v=office.15).aspx
  Best Regards,
  Eric
  Eric Tao
  TechNet Community Support

• FedAuth cookie not geneatred in SP2013 with SiteMinder as Trusted Identity Provider

  Hello,
  We have configured Site Minder (with SAML 1.1) as trusted identity provider in SP2013. We have mapped  Email Address as claim type. But we found in Fiddler that FedAuth cookie is not getting generated so users are not able to access the site and redirects
  to sign in page again.
  Any help provided here much appreciated.
  Thanks
  Shital

  Hi Shital,
  The default expiration time of the FedAuth cookie is 10 hours, you could change the expiration time of the FedAuth cookie per the link below:
  http://dotnetfollower.com/wordpress/2013/07/sharepoint-how-to-change-the-expiration-time-of-the-fedauth-cookie/ 
  Fiddler you will not be able to see these cookies as they are generated client side.
  http://blogs.msdn.com/b/mcsnoiwb/archive/2012/06/10/lost-authentication-cookies-in-sharepoint.aspx
  If you are using load balancing solution, don’t forget affinity:
  http://blogs.technet.com/b/speschka/archive/2011/10/28/make-sure-you-know-this-about-sharepoint-2010-claims-authentication-sticky-sessions-are-required.aspx
  For more information:
  http://fredericloud.com/2011/01/11/connecting-to-sharepoint-with-claims-authentication/
  Regards,
  Rebecca Tu
  TechNet Community Support

• If we set cache persistant time in physical table is there any issues we wi

  hi all
  one small question i have that is ,
  with out using event pooling tables,if i set the cache persistent time ,will i face any problem?
  any disadvantages will i face ?
  Thanks

  hi,
  set the cache persistent time ,will i face any problem?no problem at all but it is for each any every time .....let say if u set the time as 2minutes but after a year some one has updated the table wanted to see results in a minute then u already setted the parameter to 2 minutes the cache presistent time u need to change manually where as coming ton the event polling no need of that it ll update directly...maintainence purpose event polling is best one
  BTW,one link to answer your cache q's
  http://obiee101.blogspot.com/search/label/CACHE
  Dont forget to close the previous threads
  Thanks,
  Saichand.v

• How to use Correlation set to persist record in BPEL for multiple request

  Hi ,
  I need to persist record in BPEL as it a stateful.I am using soa suite 11.1.1.5 v.The purpose is to persist multiple messages from single service/partnerLink(JMSAdapter)and aggregated to form a group message using BPEL correlation set concept
  There are 5 message in a JMS queue like 1st message ->one,2nd message->two,3rd message->three,4th message->four,5th message->empty
  All are text messages.Last message/string is an empty message.
  IS it possible in bpel to fetch all the 5 message(using JMS adapter) under one single instance and append all messsage until empty string is not coming?
  My final output would be one single message:*onetwothreefour*

  Can you contact me offline @ [email protected] ?

• Local Storage Setting Not Persisting.

  Hi all,
  I'm having a problem trying to increase the local storage
  setting in my Flash Player. Since I installed the flash player the
  local storage setting was set to None. Each time I try to increase
  it and then go back to settings panel it has reset itself to None.
  I think this is an issue with my machine, is there anything that
  could cause this problem? Permissions on a directory perhaps? I
  have seen that local storage information is stored in
  %APPDATA%/Macromedia/Flash Player... but this directory does not
  exist for my user.
  Thanks in advance,
  Paul

  I am having the same problem. I even used the online Global
  Manager and it kept going back to zero!
  I am also having problems with the "Display" hardware
  accelerator keeping my flash from going
  to fullscreen. I can't uncheck the stupid thing! I am Going
  step after step of uninstalling everything
  completely and re-installing it again. Vista came with the
  2nd version before this new one and it didn't
  have the hardware accelerator option. It worked fine with IE,
  but I use Firefox and had to download the newest
  and achiest. If I find a solution, I will definitely write
  back with it.

• Encoder Counter Intermittently Set to 0

  I am using Labview on a windows XP box with a 6221 DAQ board connected to a 7330 motion controller via a RTSI bus.  I believe I have everything roughly working, but there is a behavior that I would like to explain before I go live.
  I am sampling an analog input in lock step with a counter that is fed by the encoder signal from the motor.  So I have a series of 2 numbers that I record to file, and the sampling starts at the same time, the sampling is done by the same clock.  This all seems to work.
  If I look at my series of #s regarding the counted ticks that the counter has generated from the linear encoder task that I set up to keep track of the encoder position, I'll get what I expect, but once in awhile there will be a 0 stuck in there.
  For example:
  1000
  1001
  1002
  1003
  1004
  1005
  1006
  1007
  1008
  1009
  1010
  1011
  1012
  0
  1014
  1015
  1016
  1017
  1018
  1019
  1020
  1021
  1022
  1023
  I cannot seem to discern when this happens and when it does not.  My first guess is it has to do with motor speed/acceleration and sampling rate of the DAQmx Create Channel T(AI) I used to sample the analog input which is the same sample clock that is used for the DAQmx Create Channel (CI-Position Linear Encoder), but I have not had this behvior be reproducible based on sampling frequency or motor speed.
  I appreciate any ideas.
  Thanks

  Sorry for the delay, I've been working on other items.
    OK so as I understand it you are trying to control a stepper motor (based on that's what the 7330 does) and you have it in closed loop (which is why you have an analog and digital signals) and are reading back the analog and digital position data. 
  Clarification: I am reading the digital position data from the encoder and analog voltage from a force transducer that will vary over the course of the movement (the force will be all over the place during move)
  Both of which are being read back by the 7330 and then the digital signal from the encoder you are passing via RTSI to the DAQ board and that is where you are reading and recording those values. 
  Further Clarification:  Only the digital encoder signal goes back to 7330 and then is routed over the RTSI. The analog signal goes striaght into the DAQ.
                              Additionally, the digital encoder signal gets routes over RTSI to PFIs 8,10,9 that are counter 0's inputs.  I then set up a DAQmx Create Channel (CI Linear Encoder) event to sample the counter in step with the analog input.
      I guess it would be pretty hard to see if there is a missing pulse looking at the TTL signal on the 7330's user defined digital lines...but what if you wire the siganl directly up to the DAQ board? any change?
  Have not tried, and probably won't (I'll explain why I won't try below)
  and in your example the count goes from 12 to 14 and there is the 0 where 13 should be...is this always the case? does it keep the correct count? and is it always at the same number? 
         The count doesn't skip #s, it just goes 12 12 12 12 0 12 12 12 13 13 13 14 14 14  (I need to check this behavior more, will do that next week)
         Count is correct
         Not at the same #
         -Since there is no # skipping, or I can just interpolate what 0 should be, I'm hesitant to rewire things.
  Also, does the analog signal have anything to do with the digital signal you are sending to the counter (other than that you want them to have the same sample clock)
      The signals have nothing to do with each other at this point because I am just debugging the system with a fake input
  Seeing that I am sampling a counter, all I can think of is that there is a mismatch somewhere in the counter sampling event.  That is to say, the counter value is always at a value, when it gets latched and how many times it is sampled and how many times I read it out might give some mismatch where I think that I have recorded X events, but because of timing, only X-1 samples have made it into the buffer?  Could it be something like that, that would be my only explaination of why a 0 gets in there, because as I said I am sampling a counter.
  Thanks

• Set Static (Persistent) Networking Route

  I've been pouring over the internet looking for a solution to my problem. I am very new to Apple and am attempting to access an AS/400 system at my work. I have the documents on how to set it up properly in a windows environment but nothing for a Mac and my corporate support doesn't 'do' macs.
  Basically I need to set a static network route. The Windows command looks like this:
  route add -p 42.0.0.0 mask 255.0.0.0 42.242.80.193
  How can I get this working on my macbook pro? Please be gentle as I'm as green as they come!
  Thank you in advance for any assistance you may offer.

  Open the Terminal app and type in *man route* for instructions on using the route command
  Or search Google for the Unix route command

• MTU setting not persistent?

  Hello Guys sorry if this has been posted. I need some help, I've been trying to set my network MTU setting manually however everytime I reboot my MBP it always go back to automatic configuration. I'm aware that you have to be the system admin to change the setting. Do I really have to configure my MTU everytime I reboot my MBP or Am I missing something here? Thanks in advance...

  ??
  1500 is the largest possible value. You can't use a value higher than that. If you entered a value of 1600 in the terminal you were probably using a value of 100.
  Usually people suffering from problems caused by MTU find relief using values of 1490 or even 1492.

• Non-persistent cookie

  Hi!
  How can i set non-persistent cookie? My problem is : i want to set a cookie which expire when :
  1/- the session die
  2/- after 2 hours (if the session is still running)
  Thanks for help
  Simon Pierre NOLIN

  Check the API for the setMaxAge() method of the Cookie class.
  Bosun

• Auto-login using cookies

  I have been prototyping and researching Weblogic authentication for several weeks
  now. With a form-based login servlet, how would one implement auto-login? Basically,
  the web site is supposed to set a persistent cookie which contains the users login
  information (encrypted). When the user comes back, they should be logged in automatically.
  This seems like a pretty common concept, but totally unsupported by J2EE. I have
  looked into using filters, but ran into several problems. First, filters don't
  get executed on a protected resource unless the user is authenticated. I don't
  want to use Weblogic's AuthFilter since it's deprecated. Secondly, I tried modifying
  my login servlet to forward to j_security_check. That doesn't work because Weblogic
  won't let you. There is a workaround for that, but j_security_check ignores whatever
  wrapper you put around HttpServletRequest. This makes it impossible to "login"
  for the user. Third, I tried using ServletAuthentication.weak() to manually authenticate
  the user, but how do I redirect the user back to the intended URL? I figured
  out where Weblogic stores the URL in the HttpSession, but that's not officially
  documented.
  I noticed some references in Weblogic's Portal product that it supports auto-login.
  However, I haven't figured out how to do it myself in a Weblogic server.
  I am using Weblogic 7 sp2. Thanks in advance.

  Chun,
  what you need to do is to implement is a Perimeter Authentication. I did that
  successfully with SP2. You have to use SP2, because in SP1 there qas no way to
  supress that all cookies are BASE64 decrypted.
  What helped me a lot is to study SampleSecurityProvidersUnmanaged.zip that you
  can download from
  dev2dev/code
  Enjoy!
  Cheers.
  Frank
  "Chun Hsu" <[email protected]> wrote:
  >
  I have been prototyping and researching Weblogic authentication for several
  weeks
  now. With a form-based login servlet, how would one implement auto-login?
  Basically,
  the web site is supposed to set a persistent cookie which contains the
  users login
  information (encrypted). When the user comes back, they should be logged
  in automatically.
  This seems like a pretty common concept, but totally unsupported by J2EE.
  I have
  looked into using filters, but ran into several problems. First, filters
  don't
  get executed on a protected resource unless the user is authenticated.
  I don't
  want to use Weblogic's AuthFilter since it's deprecated. Secondly, I
  tried modifying
  my login servlet to forward to j_security_check. That doesn't work because
  Weblogic
  won't let you. There is a workaround for that, but j_security_check
  ignores whatever
  wrapper you put around HttpServletRequest. This makes it impossible
  to "login"
  for the user. Third, I tried using ServletAuthentication.weak() to manually
  authenticate
  the user, but how do I redirect the user back to the intended URL? I
  figured
  out where Weblogic stores the URL in the HttpSession, but that's not
  officially
  documented.
  I noticed some references in Weblogic's Portal product that it supports
  auto-login.
  However, I haven't figured out how to do it myself in a Weblogic server.
  I am using Weblogic 7 sp2. Thanks in advance.

• Once I set a page zoom level, I want it to persist until I manually change it.

  IE 8 allows me to set a persistent page zoom level (e.g., 150%). Then whenever I open IE 8, my home page displays at the level I set; likewise for any addition pages that I navigate to. Having to press "Ctrl +++ for every new page is something I would like to avoid. Am I overlooking a feature that already exists?

  If you need to adjust the font size on websites then look at:
  * Default FullZoom Level - https://addons.mozilla.org/firefox/addon/6965
  * NoSquint - https://addons.mozilla.org/firefox/addon/2592

• How do I keep my new finder window preference set to open a certain folder on the server?

  Since switching to Lion, my new finder window preference keeps resetting itself to default. When I open a new finder window I want it to be a certain folder on our server. This setting was persistent in Snow Leopard. Now I have to keep setting it back, sometimes more than once a day. Please help, its very time consuming to have to click through to get to the folder I use most often every time I open a finder window.
  Mac Pro (early 2009)
  Processor 2.66 GHz Quad-core Intel Xeon
  Memory 8 GB 1066 Mhz DDR3ECC
  Graphics ATI Radeon HD 4870 512 MB
  Mac OS X Lion 10.7.1 (11B26)

  Enabling thirds-party cookies is the default and if there aren't any other changes made then Firefox will show "Remember History"
  Choosing the "Use custom settings for history" setting doesn't make any changes.<br />
  If Firefox shows the "Use custom settings for history" setting then that is an indication that at least one of the history and cookie settings are not the default to make you aware that changes were If all History settings are default then you see "Firefox will: (Never) Remember History" and the custom settings are hidden.<br />

• "number of items in all folders" setting keeps changing

  Hello
  I have the problem, that a customer wants to see the number of mails in an outlook folder (exchange). When I set the option "number of items in all folders" it works - but only as long, as Outlook is running... 
  As soon as I close Outlook, it changes back to the number of unread items...
  How can i permanently set this option to "number of items in all folders"?
  Kind regards, 
  Eddie

  Hi,
  By default, the "Show total number of items" setting should persists after restarting Outlook. Moreover, the setting will also be kept when you change to another computer.
  Please try to create a new mail profile in Control Panel and reconfigure your Exchange account to troubleshoot the issue. For your reference:
  http://support.microsoft.com/kb/829918
  Please let me know the result.
  Regards,
  Steve Fan
  TechNet Community Support
  It's recommended to download and install
  Configuration Analyzer Tool (OffCAT), which is developed by Microsoft Support teams. Once the tool is installed, you can run it at any time to scan for hundreds of known issues in Office
  programs.

• How to create a JMS persistent file store using WLST in WLS 9.0?

  Anybody have a good example of this? When I try to create a fileStore and set it on my jms server I am getting the following error: "TypeError: setPersistentStore(): 1st arg can't be coerced to weblogic.management.configuration.PersistentStoreMBean'
  Thanks :)

  Hi,
  First Create Persistent Store ( FileStore / JDBCStore).
  File Store Creation is as follows:
  Store = create("PStore","FileStore")
  Set it's File Directory and Targets.
  then Create JMS Server and set its Persistent Store as File Store. Set JMS Server Target.