When a user successfully authenticates with a local or social account, Azure AD B2C stores a cookie-based session on the user's browser. The cookie is stored under the Azure AD B2C tenant domain name, such as. If a user initially signs in with a federated account, and then during the session time window (time-to-live, or TTL) signs in to the same app or a different app, Azure AD B2C tries to acquire a new access token from the federated identity provider. If the federated identity provider session is expired or invalid, the federated identity provider prompts the user for their credentials. If the session is still active (or if the user has signed in with a local account instead of a federated account), Azure AD B2C authorizes the user and eliminates further prompts.

You can configure the session behavior, including the session TTL and how Azure AD B2C shares the session across policies and applications.

Federated identity provider session

A social or enterprise identity provider manages its own session. The cookie is stored under the identity provider's domain name, such as. Azure AD B2C doesn't control the federated identity provider session. Instead, session behavior is determined by the federated identity provider.

1. A user signs into Facebook to check their feed.
2. Later, the user opens your application and starts the sign-in process. The application redirects the user to Azure AD B2C to complete the sign-in process.
3. On the Azure AD B2C sign-up or sign-in page, the user chooses to sign-in with their Facebook account. If there is an active session at Facebook, the user is not prompted to provide their credentials and is immediately redirected to Azure AD B2C with a Facebook token.

A web, mobile, or single page application can be protected by an OAuth2 access token, ID token, or SAML token. When a user tries to access a protected resource on the app, the app checks whether there is an active session on the application side. If there is no app session or the session has expired, the app will take the user to the Azure AD B2C sign-in page. The application session can be a cookie-based session stored under the application domain name, such as. Mobile applications might store the session in a different way but using a similar approach.

You can configure the Azure AD B2C session behavior, including:

- Web app session lifetime (minutes) - The amount of time the Azure AD B2C session cookie is stored on the user's browser after successful authentication. You can set the session lifetime up to 24 hours.
- Web app session timeout - Indicates how a session is extended by the session lifetime setting or the Keep me signed in (KMSI) setting.