In my custom page, I have controls where I have to do certain validation and populate controls based on some selection, using the client-side JavaScript object model in SharePoint 2013.
My JS code looks like this:
```javascript
var oLoader = SP.UI.ModalDialog.showWaitScreenWithNoClose(SP.Res.dialogLoading15);
var clientContext = new SP.ClientContext(enteredUrl);
var website = clientContext.get_web();
clientContext.load(website);
clientContext.executeQueryAsync(function () {
    // do nothing as the URL is valid
    oLoader.close();
    return true;
}, function (sender, args) {
    oLoader.close();
    var msg = "Error occured";
    ShowModalPopUp(msg, "", "Popup Title");
    return false;
});
```
This code works fine if the SAML token is valid. But if I keep the page open for some time, it starts throwing the popup with "Error occured".
On troubleshooting the ULS logs, we found "SAML token is found in local cache but is expired. Returning null"
I have executed Get-SPSecurityTokenServiceConfig and found that the token is expiring after 10 mins. Now we can increase the time for expiration of SAML token, but there are some security concerns in doing so.
I was wondering if there is a better way to handle this from JSOM, to revalidate the token and complete the operation in SharePoint 2013.
Note: If I refresh the page and do the intended operation on the page then I don't get this error as the token is getting revalidated.
Just to add to my findings regarding the SAML token expiration period:
The following table describes the two configuration options that directly affect when SharePoint requires a user to get a new SAML token from the issuer.
| Configuration value | Notes |
| --- | --- |
| SAML token lifetime | The token issuer sets this value. In ADFS, you can configure this separately for each relying party by using the Set-ADFSRelyingPartyTrust PowerShell command. Once the SAML token expires, the SharePoint session expires, and the user must re-authenticate with the token issuer to obtain a new SAML token. By default, SharePoint sets the session lifetime to be the same as the SAML token lifetime. |
| LogonTokenCacheExpirationWindow | This SharePoint configuration value controls when SharePoint will consider that the SAML token has expired and ask the user to re-authenticate with the issuer and obtain a new token. SharePoint checks whether the SAML token has expired at the start of every request. For example, if ADFS sets the SAML token lifetime to ten minutes, and the LogonTokenCacheExpirationWindow property in SharePoint is set to two minutes, then the session in SharePoint will be valid for eight minutes. If the user requests a page from SharePoint seven minutes after signing in, then SharePoint checks whether the session is set to expire during the time in minutes represented by LogonTokenCacheExpirationWindow: in this case the answer is no because seven plus two is less than ten. If the user requests a page from SharePoint nine minutes after signing in, then SharePoint checks whether the session is set to expire during the time in minutes represented by LogonTokenCacheExpirationWindow: in this case the answer is yes because nine plus two is greater than ten. |
Thanks & Regards, Soumyadev | Posting is provided "AS IS" with no warranties, and confers no rights.
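The expiry rule quoted in the table can be checked on the client before a JSOM call is sent, so the short token lifetime stays as it is and the page re-authenticates instead of showing a generic error. This is an added example, not code from the original post: `sessionExpired`, `createSessionGuard`, `demo` and the `signedInAt` estimate are hypothetical names and assumptions.

```javascript
// Added example, not from the original post. Times are in milliseconds.
const MINUTE = 60 * 1000;

// Rule from the table: the session counts as expired once the time already
// elapsed plus LogonTokenCacheExpirationWindow reaches the SAML token lifetime.
// Treating the exact boundary as expired is an assumption (the table only
// shows 7 min -> valid and 9 min -> expired).
function sessionExpired(elapsedMs, tokenLifetimeMs, expirationWindowMs) {
  return elapsedMs + expirationWindowMs >= tokenLifetimeMs;
}

// createSessionGuard is a hypothetical helper. signedInAt is an assumption:
// the page cannot read the token's issue time, so the caller supplies its
// best estimate (an estimate that is too late makes the guard too optimistic).
function createSessionGuard(opts) {
  const now = opts.now || Date.now;
  const expired = () => sessionExpired(now() - opts.signedInAt,
    opts.tokenLifetimeMs, opts.expirationWindowMs);

  // runQuery(onSuccess, onFailure) wraps the real call, for example:
  //   (ok, fail) => clientContext.executeQueryAsync(ok, fail)
  return function guarded(runQuery, onSuccess, onFailure) {
    if (expired()) {
      opts.onReauth();            // e.g. () => window.location.reload()
      return "reauth";
    }
    runQuery(onSuccess, function (sender, args) {
      // The session may have expired while the request was in flight.
      if (expired()) { opts.onReauth(); } else { onFailure(sender, args); }
    });
    return "sent";
  };
}

// Constructed demo using the table's numbers: 10-minute token, 2-minute window.
function demo(minutesSinceSignIn) {
  const events = [];
  const guard = createSessionGuard({
    tokenLifetimeMs: 10 * MINUTE, expirationWindowMs: 2 * MINUTE,
    signedInAt: 0, now: () => minutesSinceSignIn * MINUTE,
    onReauth: () => events.push("reauth"),
  });
  const result = guard((ok) => ok(), () => events.push("ok"), () => events.push("error"));
  return { result, events };
}
```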