File name and redirection

Author: yoelhor

.openpublishing.redirection.json

@@ -6467,6 +6467,11 @@
       "redirect_url": "/azure/active-directory-b2c/saml-identity-provider-technical-profile",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/active-directory-b2c/custom-policy-manage-sso-and-token-config.md",
+      "redirect_url": "/azure/active-directory-b2c/configure-tokens-custom-policy.md",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/active-directory-ds/active-directory-ds-synchronization.md",
       "redirect_url": "/azure/active-directory-domain-services/synchronization",

articles/active-directory-b2c/TOC.yml

@@ -228,7 +228,7 @@
       - name: Customize tokens
         href: configure-tokens-custom-policy.md
       - name: Configure session behavior
-        href: session-behavior-custom.md
+        href: session-behavior-custom-policy.md
     - name: Pass through external IdP token
       href: idp-pass-through-custom.md
     - name: Adaptive experience

articles/active-directory-b2c/configure-tokens-custom-policy.md

@@ -87,5 +87,5 @@ The following values are set in the previous example:
 ## Next steps
 
 - Learn more about [Azure AD B2C session](session-overview.md).
-- Learn how to [configure session behavior in custom policy](session-behavior-custom.md).
+- Learn how to [configure session behavior in custom policy](session-behavior-custom-policy.md).
 - Reference: [JwtIssuer](jwt-issuer-technical-profile.md).

articles/active-directory-b2c/custom-policy-reference-sso.md

@@ -168,4 +168,4 @@ The following `SM-Saml-issuer` technical profile is used by [SAML issuer technic
 ## Next steps
 
 - Learn more about [Azure AD B2C session](session-overview.md).
-- Learn how to [configure session behavior in custom policy](session-behavior-custom.md).
+- Learn how to [configure session behavior in custom policy](session-behavior-custom-policy.md).

articles/active-directory-b2c/jwt-issuer-technical-profile.md

@@ -29,7 +29,7 @@ The following example shows a technical profile for `JwtIssuer`:
 ```XML
 <TechnicalProfile Id="JwtIssuer">
   <DisplayName>JWT Issuer</DisplayName>
-  <Protocol Name="None" />
+  <Protocol Name="OpenIdConnect" />
   <OutputTokenFormat>JWT</OutputTokenFormat>
   <Metadata>
     <Item Key="client_id">{service:te}</Item>

articles/active-directory-b2c/session-behavior-custom.md renamed to articles/active-directory-b2c/session-behavior-custom-policy.md

@@ -22,13 +22,12 @@ ms.subservice: B2C
 You can use the following properties to manage web application sessions:
 
 - **Web app session lifetime (minutes)** - The lifetime of Azure AD B2C's session cookie stored on the user's browser upon successful authentication.
-    - Default = 1440 minutes.
-    - Minimum (inclusive) = 15 minutes.
-    - Maximum (inclusive) = 1440 minutes.
+    - Default =  86400 seconds (1440 minutes).
+    - Minimum (inclusive) = 900  seconds (15 minutes).
+    - Maximum (inclusive) = 86400 seconds (1440 minutes).
 - **Web app session timeout** - The [session expiry type](session-overview.md#session-expiry-type), *Rolling*, or *Absolute*. 
 - **Single sign-on configuration** - The [session scope](session-overview.md#session-scope) of the single sign-on (SSO) behavior across multiple apps and user flows in your Azure AD B2C tenant. 
 
-
 ## Configure the properties
 
 To change your session behavior and SSO configurations, you add a **UserJourneyBehaviors** element inside of the [RelyingParty](relyingparty.md) element.  The **UserJourneyBehaviors** element must immediately follow the **DefaultUserJourney**. The inside of your **UserJourneyBehavors** element should look like this example:
@@ -41,21 +40,63 @@ To change your session behavior and SSO configurations, you add a **UserJourneyB
 </UserJourneyBehaviors>
 ```
 
-The following values are configured in the previous example:
-
-- **Single sign on (SSO)** - Single sign-on is configured with the [SingleSignOn](relyingparty.md#singlesignon). The applicable values are `Tenant`, `Application`, `Policy`, and `Suppressed`. For more information, see [session scope](session-overview.md#session-scope).
-- **Web app session time-out** - The web app session timeout is set with the **SessionExpiryType** element. The applicable values are `Absolute` and `Rolling`. For more information, see [session expiry type](session-overview.md#session-expiry-type).
-- **Web app session lifetime** - The web app session lifetime is set with the **SessionExpiryInSeconds** element. The default value is 86400 seconds (1440 minutes).
+## Single sign-out
 
-## Configure the single sign-out
+### Configure the applications
 
-When you redirect the user to the Azure AD B2C sign-out endpoint (for both OAuth2 and SAML protocols), Azure AD B2C clears the user's session from the browser.  To allow [Single sign-out](session-overview.d#single-sign-out), set the `LogoutUrl` of the application from the Azure portal:
+When you redirect the user to the Azure AD B2C sign-out endpoint (for both OAuth2 and SAML protocols), Azure AD B2C clears the user's session from the browser.  To allow [Single sign-out](session-overview.md#single-sign-out), set the `LogoutUrl` of the application from the Azure portal:
 
 1. Navigate to the [Azure portal](https://portal.azure.com).
 1. Choose your Active B2C directory by clicking your account in the top right corner of the page.
 1. From the left hand navigation panel, choose **Azure AD B2C**, select **App registrations**, and then select your application.
 1. Select **Settings**, select **Properties**, and then find the **Logout URL** text box. 
 
+### Configure the token issuer 
+
+To support sing-sign out, the token issuer technical profiles, for both JWT and SAML must specify:
+
+1. The protocol name, such as `<Protocol Name="OpenIdConnect" />`
+1. Reference to the session technical profile, such as `UseTechnicalProfileForSessionManagement ReferenceId="SM-jwt-issuer" />`.
+
+The following example illustrates the JWT and SMAL token issuers with single sign-out:
+
+```xml
+<ClaimsProvider>
+  <DisplayName>Local Account SignIn</DisplayName>
+  <TechnicalProfiles>
+    <!-- JWT Token Issuer -->
+    <TechnicalProfile Id="JwtIssuer">
+      <DisplayName>JWT token Issuer</DisplayName>
+      <Protocol Name="OpenIdConnect" />
+      <OutputTokenFormat>JWT</OutputTokenFormat>
+      ...    
+      <UseTechnicalProfileForSessionManagement ReferenceId="SM-jwt-issuer" />
+    </TechnicalProfile>
+
+    <!-- Session management technical profile for OIDC based tokens -->
+    <TechnicalProfile Id="SM-OAuth-issuer">
+      <DisplayName>Session Management Provider</DisplayName>
+      <Protocol Name="Proprietary" Handler="Web.TPEngine.SSO.OAuthSSOSessionProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
+    </TechnicalProfile>
+
+    <!--SAML token issuer-->
+    <TechnicalProfile Id="Saml2AssertionIssuer">
+      <DisplayName>SAML token issuer</DisplayName>
+      <Protocol Name="SAML2" />
+      <OutputTokenFormat>SAML2</OutputTokenFormat>
+      ...
+      <UseTechnicalProfileForSessionManagement ReferenceId="SM-Saml-issuer" />
+    </TechnicalProfile>
+
+    <!-- Session management technical profile for SAML based tokens -->
+    <TechnicalProfile Id="SM-Saml-issuer">
+      <DisplayName>Session Management Provider</DisplayName>
+      <Protocol Name="Proprietary" Handler="Web.TPEngine.SSO.SamlSSOSessionProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
+    </TechnicalProfile>
+  </TechnicalProfiles>
+</ClaimsProvider>
+```
+
 ## Next steps
 
 - Learn more about [Azure AD B2C session](session-overview.md).