I am a beginner with the product. Hopefully someone can point me in the right direction. My goal is to get a better understanding of this issue.
We have a web-based application that is protected with SiteMinder. The initial URL (root, //application/) is protected with a persistent session. We have other URLs within the same application that are also protected, but they are using non-persistent sessions (example: //application/inventory). SSO is working, but we are potentially running into an issue with idle timeout.
The root, protected by the persistent session, is set up for a 15-minute idle timeout. When navigating in and out of this realm we can watch the session store update the smsession. But when a user is operating in one of the other realms (//application/inventory), it does not update the session store. If they work past 15 minutes they seem to be getting timed out and kicked out of the application.
Now, this is where it gets a little confusing. I evaluate the access logs and I am not seeing any events with the code of , idle timeout, at the end. So, I don't know if this is actually a SiteMinder issue or the application. But I need more knowledge, as application people always swear it's a "SiteMinder" issue. The one thing I can agree on with them is that the persistent session/session store is not updating if they don't return to the "root" of the web application. If I am not mistaken, since we have SSO set up they will continue to function off the original persistent session. How do we keep it active?
Do we have to make each realm persistent? That would make sense to me, but in our old environment it was not configured like this. (The old servers are shut down and not available to look at...)
Any help would be greatly appreciated.