Shibboleth IdP + O365 Modern Authentication client issue

Tim Murphy tim.murphy at
Mon Mar 9 12:57:19 EDT 2020

Hi all

Just wondering if anyone has seen this before. We have set our Office 365 domain to federated mode and configured it to use our Shibboleth as the Identity Provider. All works so far and users have configured their clients with our IdP.

However we are noticing about every 24 hours that users are being signed out of the mobile/desktop clients, and being asked to login again. Has anyone seen this behaviour when using Shibboleth IdP and Office 365? Normally mobile/desktop clients should be persistent and shouldn't force a user out, but asking here just in case.

We have set our Azure AD Org policy, conditional access policy etc all to extended sessions on mobile apps, tried disabling MFA etc but to no avail. It should be noted that our IdP stores sessions for a max of 24 hours or if you change IP.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list