We are having problems with Safari(and Opera) and from what I have read the FedAuth cookies are just too big.
There is an "neat trick" to fix this:
"WIF RTM added a property to the SessionAuthenticationModule, IsSessionMode. When flipped to true, IsSessionMode has the effect of ensuring that the SessionSecurityToken remains in the cache for the whole duration of the session and generating a cookie which contains just a session identifier rather than the content of the session itself."
I have this code in global.asax:
void WSFederationAuthenticationModule_SessionSecurityTokenCreated(object sender, Microsoft.IdentityModel.Web.SessionSecurityTokenCreatedEventArgs e)
{
FederatedAuthentication.SessionAuthenticationModule.IsSessionMode = true;
}
Problem is simple, "FederatedAuthentication.SessionAuthenticationModule.IsSessionMode = true" never runs, I have no idea why. Do you??
Or do you know how to use "PassiveSignInControl" to set IsSessionMode to true?
http://social.msdn.microsoft.com/Forums/en/Geneva/thread/ea00ec3f-ebdf-427c-929f-d4a196650552
http://blogs.msdn.com/b/vbertocci/archive/2010/05/26/your-fedauth-cookies-on-a-diet-issessionmode-true.aspx
From the book "Programming Windows® Identity Foundation":
"An interesting property of the SAM is IsSessionMode. When set to true, IsSessionMode has
the effect of storing the bulk of the session on a server-side token cache instead of writing
everything in the cookie. The cookie itself will just contain a small context identifier, which
will be used for retrieving the session on the server. Unfortunately, in this version of the92 Part II Windows Identity Foundation for Identity Developers
product there is no way to set IsSessionMode from the configuration file. You can set it via a
property of the PassiveSignInControl, or in the global.asax file as follows(same code as above)"
Old thread, but I believe SessionSecurityTokenCreated is the proper event to handle this--tested it and it works under "old WIF" and NET 4.5 with the appropriate namespace variations.
void WSFederationAuthenticationModule_SessionSecurityTokenCreated(object sender, System.IdentityModel.Services.SessionSecurityTokenCreatedEventArgs e)
{
e.SessionToken.IsReferenceMode = true;
}
Have you registered your event handler for the SessionSecurityTokenCreated event?
FederatedAuthentication.WSFederationAuthenticationModule.SessionSecurityTokenCreated
+= this.WSFederationAuthenticationModule_SessionSecurityTokenCreated;
This line needs to be added to the Application_Start medthod in your Global.asax file.
The FederatedAuthentication class in in the namespace Microsoft.IdentityModel.Web.
Hi try this: instead of the SessionSecurityTokenCreated event use the SecurityTokenValidated
In the global.ascx
void WSFederationAuthenticationModule_SecurityTokenValidated(object sender, SecurityTokenValidatedEventArgs e)
{
FederatedAuthentication.SessionAuthenticationModule.IsSessionMode = true;
}
Check the comment from Dominick Baier blog
One important thing to note is how to handle SecurityTokenValidated and SessionSecurityTokenCreated events of WSFederationAuthenticationModule class.
Alternative 1 — auto event wire up in global.asax (explicit method names without manual wiring to events):
void WSFederationAuthenticationModule_SecurityTokenValidated(object sender, SecurityTokenValidatedEventArgs e)
{
FederatedAuthentication.SessionAuthenticationModule.IsReferenceMode = true;
}
// or
void WSFederationAuthenticationModule_SessionSecurityTokenCreated(object sender, SessionSecurityTokenCreatedEventArgs e)
{
e.SessionToken.IsReferenceMode = true;
}
Alternative 2 — manual method wiring to events in global.asax. The point is that it must not be in Application_Start but in overriden Init:
void Application_Start(object sender, EventArgs e)
{
// Called only once on application start
// This is not the right place to wire events for all HttpApplication instances
}
public override void Init()
{
// Called for each HttpApplication instance
FederatedAuthentication.WSFederationAuthenticationModule.SecurityTokenValidated += STV;
FederatedAuthentication.WSFederationAuthenticationModule.SessionSecurityTokenCreated += SSTC;
}
void STV(object sender, SecurityTokenValidatedEventArgs e)
{
FederatedAuthentication.SessionAuthenticationModule.IsReferenceMode = true;
}
// or
void SSTC(object sender, SessionSecurityTokenCreatedEventArgs e)
{
e.SessionToken.IsReferenceMode = true;
}
