Azure AD B2C logout after session timeout

梦如初夏 2020-12-19 06:38

Situation

I have a web application that is using Azure AD B2C as its authentication. We're using OWIN OpenIdConnect to handle this process. The ses

2 answers
  •  南笙 (original poster)
    2020-12-19 06:56

    The purpose is to set up an inactive user's session timeout after 15 mins of inactivity. We have two web apps running on local IIS (it should/must behave the same in the MS Azure cloud).

    No. 1: MVC web application (here we need the inactive user's timeout to happen after 15 mins)

    No. 2: MVC REST API

    What we have to do is create a new policy and assign it to a service principal object.

    Please use steps 1-6 below.

    1. Download the latest Azure AD PowerShell Module Public Preview release.

    2. Run the Connect command to sign in to your Azure AD admin account. Run this command each time you start a new session.

        Connect-AzureAD -Confirm

    3. Create a new policy:

        New-AzureADPolicy -Definition @('{"TokenLifetimePolicy":{"Version":1, "AccessTokenLifetime":"00:15:00","MaxInactiveTime":"00:15:00","MaxAgeSingleFactor":"01:00:00", "MaxAgeSessionSingleFactor":"01:00:00"}}') -DisplayName "KBTokenLifetimePolicy" -IsOrganizationDefault $true -Type "TokenLifetimePolicy"

    4. Find the desired Azure AD B2C - Applications (Service principal object) ObjectId:

        Get-AzureADServicePrincipal -Filter "DisplayName eq 'MultitenentPortal'"

        ObjectId AppId DisplayName

    5. List policies and get the ObjectId for the KBTokenLifetimePolicy policy:

        Get-AzureADPolicy

        Id DisplayName Type IsOrganizationDefault
        -- ----------- ---- ---------------------

    6. To add the policy to the web Azure AD B2C - Applications (Service principal object):

        Add-AzureADServicePrincipalPolicy -Id -RefObjectId

    Result: so far the application does not time out. After a 15 min inactive period it still continues to navigate between pages and show data from the API.
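
Steps 2 to 6 of the answer above as one script, with the IDs found in steps 4 and 5 passed to step 6 through variables and a final listing of what is attached. This is an added example, not code from the original answer; the variable names are assumptions, and it presumes the preview module from step 1 (AzureADPreview) is already installed.

```powershell
# Added example (not from the original post). Display names are the ones used in the answer.
$ErrorActionPreference = 'Stop'
$appName    = 'MultitenentPortal'        # service principal display name from step 4
$policyName = 'KBTokenLifetimePolicy'    # policy display name from step 3

# Step 2: sign in; needed once per PowerShell session.
Connect-AzureAD | Out-Null

# Step 3: create the policy only if it is missing, so re-running does not create duplicates.
$policy = Get-AzureADPolicy |
    Where-Object { $_.DisplayName -eq $policyName -and $_.Type -eq 'TokenLifetimePolicy' }
if (@($policy).Count -gt 1) {
    throw "More than one policy is named '$policyName'; remove the duplicates first."
}
if (-not $policy) {
    $definition = '{"TokenLifetimePolicy":{"Version":1,"AccessTokenLifetime":"00:15:00",' +
                  '"MaxInactiveTime":"00:15:00","MaxAgeSingleFactor":"01:00:00",' +
                  '"MaxAgeSessionSingleFactor":"01:00:00"}}'
    $policy = New-AzureADPolicy -Definition @($definition) -DisplayName $policyName `
        -IsOrganizationDefault $true -Type 'TokenLifetimePolicy'
}

# Step 4: resolve the service principal and refuse to continue on an ambiguous match.
$sp = Get-AzureADServicePrincipal -Filter "DisplayName eq '$appName'"
if (@($sp).Count -ne 1) {
    throw "Expected exactly one service principal named '$appName', found $(@($sp).Count)."
}

# Steps 5 and 6: attach the policy unless it is already assigned.
$assigned = Get-AzureADServicePrincipalPolicy -Id $sp.ObjectId
if ($assigned.Id -notcontains $policy.Id) {
    Add-AzureADServicePrincipalPolicy -Id $sp.ObjectId -RefObjectId $policy.Id
}

# Check: list the policies now attached to the service principal.
Get-AzureADServicePrincipalPolicy -Id $sp.ObjectId |
    Format-Table Id, DisplayName, Type, IsOrganizationDefault
```

The final listing only confirms that the policy object is attached to the service principal.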
