This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(208, 75%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJ%3C/text%3E%3C/svg%3E)
We are using Azure AD Application proxy to access "legacy" applications in our datacenter.
The system works as expected for the most part. However, every XX(60?) minutes the session expires and the user is taken to logon.microsoft.com and than redirected back the the application behind the application proxy.
Some of the applications behind the proxy ask for user input. A user might be typing a form for 10 minutes, he presses apply, is redirect... en taken back and just lost 10 minutes of work.
Can we change the time a session has to reauthenticate? (does a feature request or roadmap exist?)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(137.6, 78%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECH%3C/text%3E%3C/svg%3E)
Hi @Jochen I think what you're after is the 'access token lifetime' which is set to 1 hour by default. You should be able to increase it up to 1 day for your app as follows:
https://learn.microsoft.com/en-us/azure/active-directory/app-proxy/application-proxy-understand-cors-issues#option-5-extend-the-lifetime-of-the-access-token
https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-configurable-token-lifetimes
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(156.8, 19%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJ%3C/text%3E%3C/svg%3E)
Hi @ChrisHill-9515,
I believe your are correct.
However, in the case of AzureAD Application Proxy.
I'm unable to Apply the policy with the longer timeout.
The Azure AD Enterprise application are not listed when running
Get-AzureADServicePrincipal | fl DisplayName
So I'm unable to apply it.
All other enterprise applications are listed hower.
I'll try to confirm this with Microsoft again.
Thanks, best regards.
In case anyone comes here in future, the second page appears to have lost the instructions - so here's what to do - update the two DisplayNames to reflect the app you want to change e.g. first is for Jira, second is for Confluence.
Also NB this increases the AccessTokenLifetime to 24 hours (or one second less than that actually but that appears to be the max value). Make sure you review the documentation above to be aware of the security implications of this.
Connect-AzureAD
$policy = New-AzureADPolicy -Definition @('{"TokenLifetimePolicy":{"Version":1,"AccessTokenLifetime":"23:59:59"}}') -DisplayName "JiraTokenLifetimePolicy" -IsOrganizationDefault $false -Type "TokenLifetimePolicy"
$sp = Get-AzureADServicePrincipal -Filter "DisplayName eq 'Jira'"
Add-AzureADServicePrincipalPolicy -Id $sp.ObjectId -RefObjectId $policy.Id
Connect-AzureAD
$policy = New-AzureADPolicy -Definition @('{"TokenLifetimePolicy":{"Version":1,"AccessTokenLifetime":"23:59:59"}}') -DisplayName "ConfluenceTokenLifetimePolicy" -IsOrganizationDefault $false -Type "TokenLifetimePolicy"
$sp = Get-AzureADServicePrincipal -Filter "DisplayName eq 'Confluence'"
Add-AzureADServicePrincipalPolicy -Id $sp.ObjectId -RefObjectId $policy.Id
Hi James,
That's the timeout on the backend webserver. Let's say if you have a long running request, how long does the Application proxy wait for the server to respond.
I need something differend.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 37%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAP%3C/text%3E%3C/svg%3E)
hi @James Hamil we are have configured Backend Application Timeout to long 180 seconds , is there a way we can increase this? as we experience gateway timeout ,
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(83.2, 46%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAA%3C/text%3E%3C/svg%3E)
The link is not working.
I have same issue when I'm running some large report more than 3 mins.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(153.6, 99%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJH%3C/text%3E%3C/svg%3E)
@Jochen This is just a workaround, but multiple connections to the same application appear to reset the timer. So, opening a second browser tab to the same application before pressing apply will generally avoid losing the data in the first tab. I've used this approach with Jira and Confluence.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(80, 32%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVS%3C/text%3E%3C/svg%3E)
Hi @John Haller @Jochen Did anyone of you find resolved the issue? We are also facing similar issue for Confluence and would like to hear the cause and solution fro you.
Hi @John Haller @Jochen May I know if you are able to resolve the issue? We are facing similar issue with Confluence and woul like to hear from you.
I've applied the solution posted by Chris Hill. (Access Token Lifetime)
I think it's better, it's definitly not solvedfor us.
Your problem can also be caused if you use multiple application proxies though. If you have multiple, try the application if only one is online.
Hi @JayBee2 ,
Try Get-AzureADServicePrincipal -All | fl DisplayName
Hi @ChrisHill-9515,
You are right. I'm Currently I'm testing this.
Thanks a lot!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(41.6, 40%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDP%3C/text%3E%3C/svg%3E)
Did this work? We are having a similar issue.
Hi,
This definitely solved most of the issues for us.
When having multiple taps open to the application we still experience the behaviour, but it's much improved!