With CA SSO I've found a way to obtain the 'max' timeout value (number of seconds left) before a CA SSO session expires.
However, a PCI application would like to query the policy server to determine the number of seconds left in an SMSESSION before the user is logged out due to the idle timeout value configured in their security policy. It seems there's a way to configure URLs to not 'update' the timeout values in a CA SSO session. However, I cannot find a response that would return the number of seconds left for the 'idle' timeout value like there is for the 'max' timeout value.
So, my question is... What have others done to accurately inform a user that their session is about to end due to their session being idle for too long? Is the only option available today to have a separate timer in the user's browser? This is 'okay' but may not accurately reflect the "real" value in a CA SSO Session.
Thanks in advance!