Hi mchv2.0,

The “symptom” described in your post is a security feature of SharePoint online claims based authentication.  It was designed to logout customer sites that were left open and inactive.

When you login and authenticate to SharePoint Online for Office 365, a Security Assertion Markup Language (SAML) security token is created for the admin portal.  When you navigate to SharePoint Online sites, a security token session is created and is valid for its 2 hour lifetime.  As the user continues to work with the site, a new security token session is created every 20 minutes.  If a site is inactive for over 20 minutes, the LogonTokenCacheExpirationWindow will not reissue a new token session and the user will be logged out of that site. The SAML token for the admin portal is not affected by this process and is still active for the remainder of its 8-10 hour lifetime.  The Portal remains accessible and the user can navigate from the portal back to the site without having to login again. 

While you can extend the lifetime of the admin portal security token by selecting the Keep Me Signed In option that will not change the lifetime of the site security token.

If that does not answer your question please let me know as I will continue to monitor this thread for a few days and will reply to any additional posts or questions.

If what you suggest worked, I'd probably say it's a bad idea and isn't something I've ever seen anyone ask for. As it is, it doesn't work the way you describe at all. I was logged into an account and Sharepoint Designer and actively using both. I needed to check something in Explorer view so clicked a library "open with explorer" icon and got the error. It doesn't even give you an opportunity to log in again if that's required. There's no way I can find to get it to work other than closing the browser which is ridiculous AND I'm not even sure that works all the time. 

I don't doubt the intentions are good but in real life it's overthought and far more complicated than it needs to be. As I've said before, I think most people expect that when they're signed in they'll have access to everything they're authenticated for and when they sign out, they get signed out. Even if it worked, this concept that you can be signed in but only have access to certain things for a certain time with no indication of what those things or that time is and no clear error messages telling you that, is frankly bizarre.

You guys know more about this stuff than I and so I don't expect anything to be changed, but I can tell you all the users I'm in contact with are befuddled and often frustrated by log in problems. You've managed to turn something very basic - that's essential to effective cloud operations and should be simple and universally understood - into the most annoying aspect of 365.

Hi mchv2.0,

I appreciate your honest assessment of the current SharePoint Online authentication process.  Because there are others that share your view on this subject, I feel it would be valuable for you to submit a comment using the feedback link located in the lower right hand corner of this thread.  Your comment combined with this thread provides valuable information that should be evaluated in conjunction with future releases of SharePoint Online.

Microsoft’s main goal with SharePoint Online for Office 365 is continuous innovation to enable collaboration from anywhere, with anyone, on any device.

I will continue to monitor this thread for a few days and will reply to any additional posts or questions.

Interesting to note that authentication doesn't even work for this community!

If I'm logged in to a 365 account (in this case with a Live id) and attempt to sign into the community I get:

Sorry, there was a problem with your last request!

Either the site is offline or an unhandled error occurred. We apologize and have logged the error. Please try your request again or if you know who your site administrator is let them know too.

 

The only way to get logged in is to clear cache. Is this how things are supposed to work?

Hi mchv2.0,

The procedure that you detailed in your post, I perform multiple times a day.  This commonly happens to me, when I am working with a SharePoint Online tenancy and need to check the SharePoint Online Community Forums.

When I am logged into SharePoint Online for Office 365 using Internet Explorer, and need to check the SharePoint Online Community forums, this is the process I follow to change to a community forums enabled SharePoint Online user account:

1)    Logout the current SharePoint Online account and close all browser windows

2)    Open one browser window, clear the cache, then again close all browser windows

3)    Login the SharePoint Online user ID that has community forums access

4)    If login fails repeat step 2

Another option would be to use an Internet Explorer InPrivate session, as that is independent of the normal IE security token.  To open an IE private session from the browser select ctrl-shift-P.  It is still recommend that you close all private session browser windows, if you switch to another SharePoint Online user ID.

If that does not solve your question please let me know as I will continue to monitor this thread for any additional posts or questions.

Jonis,

I think 99% of people would agree that's an absurd process. It isn't required by any other online service I've ever used. Clearing the cache just to switch id's? 

And your experience doesn't match mine which is all the more disturbing. Just to be clear I only get the error message I posted above if I'm already logged in to a 365 account with a Live id. If I'm logged in with a MOS id that doesn't have a community account, it asks me to set one up but allows me to sign in with another id.  That is reasonable. 

So I guess there's a bug somewhere in the different way community authentication handles Live and MOS ids. The error message above is silly because it tells you there's a system problem but gives no indication of what the problem is or how to fix it. And having to clear your cache just to log in is well, ridiculous.

Hi mchv2.0,

While the authentication issues may vary between our posts, the resolution is still to clear the cache and the cookies.

When I researched the error message you posted, I found numerous non-Microsoft links detailing this error in conjunction with Firefox and their community forums sites.  Because these articles are from various companies and corporations, the issue is with the internet browser and community forums authentication.  While SharePoint Online and the SharePoint Online community forums have similar authentication protocols and SharePoint Online has a role in this issue, this is a community forums authentication error.

Because I am not able to confirm the information provided by the external sourced articles I reviewed, I have not included those links in this post.  To review those links, I recommend that you perform a Bing search for: ‘Either the site is offline or an unhandled error occurred Firefox’.

It is important to note that the common resolution is to clear the cache and the cookies.

I will continue to monitor this thread for a few days and will reply to any additional posts or questions.

It has nothing to do with the browser but I agree it is related to community forums and the way 365 authentication works. We had the same issue with the OLSB forum but at least there you could close the forum window and log in with another id. That doesn't work with 365. Once again, I've only experienced this with MSFT ids and forums, so somehow other people have figured out a better way to do it. That's all I'm asking for as having to clear cache just because I'm logged in with another 365 associated Live id isn't realistic at all. 

Hi mchv2.0,

SharePoint Online for Office 365 was designed with strong two-factor authentication to improve security by requiring users to meet two authentication criteria, a user name/password and a service security token.  The design provides a high degree of security, continuity, privacy, and adherence to compliance policies and controls.

It is likely that the stringent standards established by the Microsoft Risk Management program for Office 365 are not “required by any other online service” that you have ever used.

If you have not done so already, submit a comment using the feedback link located in the lower right hand corner of this thread.  Your comment combined with this thread will provide valuable authentication recommendations in conjunction with future releases of SharePoint Online.

I will continue to monitor this thread and will reply to any additional posts or questions.

As I said before :"I don't doubt the intentions are good " but you have to balance security and usability. A highly secure system that no one wants to use doesn't do any of us any good. And how do we explain the varying experiences and lack of consistency reported by users (including yourself)?  Surely a buttoned down, secure system would act the same for everyone? My feeling is we're paying a high price in terms of usability for questionable - or at best, inconsistent -  security.

Here we go again -  a new twist. Trying the member log in link on a website, I am now only presented with the "MSFT ACCOUNT" log in. I'm told my MOS id "isn't a MSFT account". I tried office365.com,,,same thing. In order to log back in I had to clear cache. So now I have to stop what I'm doing to futz around just to get logged into a service I'm expected to pay for? This is how Office 365 "enhances my productivity"? Would it be so hard to offer the option of logging in with an MOS id? If MSFT insists on having 2 separate authentication systems, is it too much to ask that the user isn't penalized for that dumb idea?

If this is how it's going to be, I and untold numbers of other people, will be forced to abandon all MSFT products. No one in their right mind would put up with this.

This issue make me remember a car that I used to owned.. It was voted the most secure car in the world, great anti theft system, in fact it was so so good that not only the thief can´t open it as I was locked out several times (and even better, some owners were locked inside they own cars lol)...

Microsoft, you could do so much better, every time you try to look to the side and hope that goes away you lose clients...

Hi mchv2.0,

SharePoint Online authentication can require customers to clear the cache when they change between Microsoft Online Services ID’s.  For me this is a normal process within the scope of Microsoft Online Hosted Services and life in the Office 365 cloud.  It is important to note that the clear cache process is generally not required for users with only one Microsoft Online Services ID and a dedicated workstation.

I understand your desire for a blend of enhanced productivity and security in future releases of SharePoint Online, however, the authentication mechanism must still provide a high degree of security, continuity, privacy, and adherence to compliance policies and controls.

I would like to note that SharePoint Online authentication does vary by plan, for example, some Enterprise customers deploy single sign-on by integrating Office 365 identity federation and Active Directory Federation Services (ADFS).

I will continue to monitor this thread and will reply to any additional posts or questions.

For me this is a normal process within the scope of Microsoft Online Hosted Services and life in the Office 365 cloud.

 

It may be for you but not for the average person trying to run a business. For them, if accessing "life in the O365 cloud" requires all these daft workarounds, they'll seek the cloud elsewhere.

You've highlighted the essential problem: you think making adjustments like clearing cache is normal presumably because you're used to dealing with MSFT products. I doubt consumers will put up with the frustration and confusion the bizarre authentication system causes for long. Especially not when they see they can set up several Google Drive accounts in about 3 minutes (for free), log in and out seamlessly and have everything synched across their devices. In this day and age if people have to figure out how to use a product, they don't want it, I'm afraid.

I totally agree.