Tech Tip – How to automatically redirect user to login page after idletimeout

Document created by Ujwol Shrestha Employee on May 30, 2018
Version 1Show Document
  • View in full screen mode

The user logs into the application.
He leaves the application IDLE for X minutes ( where X = Idle Time out configured for the Realm)
The user can still continue to see the application even after the idletimeout as long as he doesn’t refresh the page.
The requirement is that , once the idle time out is reached, the application should automatically redirect the user to the login page and log the user out of the current session.

  • Implement an active response to set an HTTP resposne header “HTTP_IDLE_TIMETOEXPIRE” with the actual idle timeout for the current session. (Note: there is an OOTB header “HTTP_SM_TIMETOEXPIRE ” for max time out but none for idle time out in CA SSO )
  • Create a following meta tag to refresh the page after the idle time out plus an additional 5 seconds :

<META http-equiv=refresh content=”Read value from Idle timeout HTTP header + 5 seconds” >

Once the request reaches web agent, it detects the session is already idled out, so it logs off the current session and redirect to the login page.


  1. Create an Active Response to invoke the attached Active Response class


2. Associate the above ActiveResponse with the “OnAccessAccept” rule.


3.  Compile and deploy the attached GetIdleTimeOutActiveResponse class to to directory <PS_Install_directory>siteminder\config\properties. The logic to retrieve the IdleTimeout of the current session is as below :

public String
invoke(ActiveExpressionContext context,
String param)
throws Exception
String idleTimeout ;

SessionInfoContext sInfoCtx= new SessionInfoContext(context);
APIContext apiContext = context.getAPIContext();

long toRet = sInfoCtx.getIdleTimeout();
if (toRet != -1)
//Logger.logInfo("Session IdleTimeout " + toRet );
logInPSTrace(apiContext, "Session IdleTimeout : " + String.valueOf(toRet));
idleTimeout = String.valueOf(toRet);
logInPSTrace(apiContext, "FAILED to get Session IdleTimeout");
idleTimeout = new String("ERROR");
return idleTimeout;


4. Restart Policy server.

5. For the test, we are using classic ASP script on the client side as below :

<td colspan=2>Your session will idleout in :<b> <%= GetAttribute("HTTP_IDLE_TIMETOEXPIRE")%> </b> seconds</td>
response.write "<META http-equiv=refresh content=" & GetAttribute("HTTP_IDLE_TIMETOEXPIRE")+5 & ">"


  1. Active Response java class : 
  2. sample client script : 


For the test, I have set the realm idletimeout = 60 seconds & max time out = 300 seconds :

  1. Headers
  2. Fiddler : 
4 people found this helpful