Say you sign in, using a web browser to an application which forwards you to ADFS 2.0. You authenticate and obtain a kerberos ticket.
Kerberos ticket lifetime = 10 hours
SAML SSO lifetime = 1440 minutes (24 hours)
When the Kerberos ticket expires, but you're still using the application - what happens? Will it prompt for re-auth, or silently renew?