Users log out every 10-20 minutes (claims authentication)

For some reason, users are redirected back to login.microsoftonline.com almost every 10/20 minutes. This is rather annoying as the code below is used to log in users to the CMS.

Can someone tell me what is wrong with the following code and why do our users log out / redirect back to login.microsoftonline.com? A session has a lifespan of 60 minutes, so it must be something with the authorization itself.

Should we use WsFederationAuthenticationDefaults.AuthenticationType, CookieAuthenticationDefaults.AuthenticationType or DefaultAuthenticationTypes.ApplicationCookie?

We want to allow users to log in using the form (/account/inloggen) or using the "Azure SSO" button (which is the external login).

public void ConfigureAuth(IAppBuilder app)
{
  // Configure the db context and user manager to use a single instance per request
  app.CreatePerOwinContext(ApplicationDbContext.Create);
  app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);

  // Enable the application to use a cookie to store information for the signed in user
  // and to use a cookie to temporarily store information about a user logging in with a third party login provider
  // Configure the sign in cookie

  app.UseCookieAuthentication(new CookieAuthenticationOptions
  {
    AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
    LoginPath = new PathString("/account/inloggen"),
    Provider = new CookieAuthenticationProvider
    {
      OnResponseSignIn = ctx =>
      {
        ctx.Identity = TransformClaims(ctx.Identity);
        ctx.Properties.ExpiresUtc = DateTimeOffset.UtcNow.AddDays(7.0);
      },
      OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                              validateInterval: TimeSpan.FromMinutes(30),
                              regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
    },
    ExpireTimeSpan = TimeSpan.FromDays(7.0),
    SlidingExpiration = true
  });

  app.UseCookieAuthentication(new CookieAuthenticationOptions
  {
    Provider = new CookieAuthenticationProvider
    {
      OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
          validateInterval: TimeSpan.FromMinutes(30),
          regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
    },
    ExpireTimeSpan = TimeSpan.FromDays(7.0),
    SlidingExpiration = true
  });

  app.UseWsFederationAuthentication(new WsFederationAuthenticationOptions
  {
    MetadataAddress = "https://login.microsoftonline.com/xxxxxxxxxxxxxx/federationmetadata.xml",
    Wtrealm = "https://portal.domain.com",
    Caption = "Azure SSO",
    SignInAsAuthenticationType = CookieAuthenticationDefaults.AuthenticationType,
    UseTokenLifetime = false,
    AuthenticationMode = AuthenticationMode.Passive
  });

  app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
}

When and why should we use this?

app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

As you may have noticed, I'm pretty new to this. I looked at Stack Overflow and a lot of examples on Google, but there is no clear answer / tutorial explaining the different types of permissions, their properties and how to use them.

1 answer

Your validateInterval: TimeSpan.FromMinutes(30) is set to 30 minutes.

validateInterval - , cookie . , A, B . A 30 . .

SecurityStampValidator / / .

: http://www.jamessturtevant.com/posts/ASPNET-Identity-Cookie-Authentication-Timeouts/

, .


Source: https://habr.com/ru/post/1666364/
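
A simplified model of the per-request decision that SecurityStampValidator.OnValidateIdentity makes with the validateInterval from the question, added here as an illustration (it is not the asker's code and not the library source). The Ticket, Outcome and StampCheck names, the sample stamps and the timestamps are hypothetical.

```csharp
using System;

// Simplified model for illustration; not the Microsoft.AspNet.Identity.Owin source.
enum Outcome { Accept, Reissue, RejectAndSignOut }

class Ticket
{
    public DateTimeOffset IssuedUtc;   // when the cookie was last issued
    public string SecurityStamp;       // stamp claim carried in the cookie (null if absent)
}

static class StampCheck
{
    // storedStamp: the user's current stamp in the user store, or null when
    // no local user matches the identity carried in the cookie.
    public static Outcome Decide(Ticket ticket, string storedStamp,
                                 TimeSpan validateInterval, DateTimeOffset now)
    {
        // Cookie younger than validateInterval: accepted without a store lookup.
        if (now - ticket.IssuedUtc <= validateInterval)
            return Outcome.Accept;

        // Cookie older than validateInterval: the stamp must match the store.
        if (storedStamp != null && ticket.SecurityStamp == storedStamp)
            return Outcome.Reissue;            // identity regenerated, cookie re-issued

        return Outcome.RejectAndSignOut;       // identity rejected, user signed out
    }
}

static class Program
{
    static void Main()
    {
        var interval = TimeSpan.FromMinutes(30);   // value from the question
        var issued = new DateTimeOffset(2024, 1, 1, 9, 0, 0, TimeSpan.Zero); // constructed
        var cookie = new Ticket { IssuedUtc = issued, SecurityStamp = "stamp-A" };

        // Within the interval, even a changed stamp goes unnoticed.
        Console.WriteLine(StampCheck.Decide(cookie, "stamp-B", interval, issued.AddMinutes(10)));
        // Past the interval with an unchanged stamp: the session continues.
        Console.WriteLine(StampCheck.Decide(cookie, "stamp-A", interval, issued.AddMinutes(31)));
        // Past the interval after the stamp changed (e.g. password change elsewhere).
        Console.WriteLine(StampCheck.Decide(cookie, "stamp-B", interval, issued.AddMinutes(31)));
        // Past the interval with no matching local user (constructed case).
        Console.WriteLine(StampCheck.Decide(cookie, null, interval, issued.AddMinutes(31)));
    }
}
```

The interval bounds how long a revoked session (one whose stamp has changed) stays usable, so shortening it tightens revocation at the cost of more user-store lookups.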
