It’s usually a bad idea to have such a long life for your tokens, because they can theoretically be “stolen” and reused. Issuing a token should not be particularly timely, so I would recommend that you re-check your users with STS quite often, and let your token “live” for several minutes.