Change lifetime of a Security token for a claims-based authentication

October 28th, 2011 | Azure, Cloud, Windows

We had an issue recently when deploying ADFS 2.0 and claims-based authentication for CRM 2011. Basically, after 40 minutes we would get an error in CRM saying that we needed to re-authenticate.

This is due to the following: “The lifetime of a default security token for a claims-based authentication deployment using AD FS 2.0 is 60 minutes. By default, Microsoft Dynamics CRM Server 2011 is configured to display the Authentication is Required dialog box 20 minutes before the token expires.” The prompt therefore appears 40 minutes into the session (60 minutes minus 20).

To sort this, we ran the following commands on our ADFS server from PowerShell (please change the placeholder values, such as the relying party name, to apply to your setup):

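    # Load the AD FS 2.0 cmdlets into the PowerShell session
    Add-PSSnapin Microsoft.Adfs.PowerShell
    # Set the token lifetime (in minutes) on the CRM relying party trust
    Get-ADFSRelyingPartyTrust -Name:"crmrelyingpartyname" | Set-ADFSRelyingPartyTrust -TokenLifetime 240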
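
The same change with a before-and-after check, as an added example that is not part of the original post. The variable names are illustrative, the relying party name is the post's placeholder, and it assumes AD FS reports a `TokenLifetime` of 0 when the trust is still on the 60-minute default.

```powershell
# Added example: inspect, change and verify the token lifetime of one relying party trust.
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue

$rpName      = "crmrelyingpartyname"   # placeholder: your CRM relying party trust name
$newLifetime = 240                     # minutes, the value used in the post
$crmWarning  = 20                      # CRM shows its prompt this many minutes before expiry

$rp = Get-ADFSRelyingPartyTrust -Name $rpName
if (-not $rp) { throw "Relying party trust '$rpName' not found" }

# Assumption: a stored value of 0 means "use the default", which is 60 minutes.
$current = if ($rp.TokenLifetime -eq 0) { 60 } else { $rp.TokenLifetime }
"Current lifetime: $current min; CRM prompts after $($current - $crmWarning) min"

# Only write the setting when it actually differs, so re-running the script is harmless.
if ($current -ne $newLifetime) {
    Set-ADFSRelyingPartyTrust -TargetName $rpName -TokenLifetime $newLifetime
}

# Read the value back from AD FS rather than trusting the variable.
$after = (Get-ADFSRelyingPartyTrust -Name $rpName).TokenLifetime
"New lifetime: $after min; CRM prompts after $($after - $crmWarning) min"
```

The lifetime is set per relying party trust, so other trusts on the same AD FS server keep their own values. A longer lifetime also means an already issued token stays valid for longer, so pick the shortest value that stops the prompt from interrupting users.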