Provide true sliding session capability with ADFS
In ADFS the Web SSO lifetime controls the absolute maximum time span a user can continue without being forced to re-enter their credentials. However, this setting in conjunction with the SAML token lifetime and LogonTokenCacheExpirationWindow in SharePoint does not provide true sliding session functionality.
It would be great if an OOTB module was provided that can force sign out if a user was idle for a specified period of time, while also periodically performing automatic redirects to and from ADFS to update a user's claims.
As it stands right now, a Web SSO lifetime that is shorter than the SAML token lifetime forces a user to re-enter their credentials every time SharePoint redirects them back to ADFS. This provides a very erratic end-user experience.
On the other end of the spectrum, a long SAML token lifetime with an even longer Web SSO lifetime and a short LogonTokenCacheExpirationWindow allows for seamless browsing, but the user's claims don't get updated as frequently. This makes the site less secure.
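The two configurations the post contrasts, expressed as the ADFS and SharePoint settings involved (an added example, not part of the original post; the relying party trust name and the minute values are assumed):

```powershell
# --- On the ADFS server ---
# Absolute cap on the SSO session, in minutes: once it elapses the user must
# re-enter credentials no matter how active they were (the "Web SSO lifetime").
Set-AdfsProperties -SsoLifetime 480

# Lifetime, in minutes, of the SAML token issued to the SharePoint relying party.
# "SharePoint Intranet" is an assumed relying party trust name.
Set-AdfsRelyingPartyTrust -TargetName "SharePoint Intranet" -TokenLifetime 60

# --- On a SharePoint server ---
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
$sts = Get-SPSecurityTokenServiceConfig

# SharePoint sends the browser back to ADFS for a fresh token once the current
# token is within this window of its expiry. It must be shorter than the ADFS
# token lifetime, otherwise every request is redirected and the login loops.
$sts.LogonTokenCacheExpirationWindow = New-TimeSpan -Minutes 10
$sts.Update()

# Resulting behaviour with the values above:
#   - claims are refreshed silently at most every 60 - 10 = 50 minutes, because
#     the ADFS SSO cookie is still valid and no credential prompt is shown;
#   - a user who is idle is never signed out before the 480-minute cap;
#   - the "erratic" case the post describes is the reverse ordering, e.g.
#     Set-AdfsProperties -SsoLifetime 10 with -TokenLifetime 60: the SSO cookie
#     is already dead at each redirect, so every refresh prompts for credentials.
```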
Please provide a more flexible and robust OOTB solution.