AnsweredAssumed Answered

EnforceRealmTimeout overwritten

Question asked by Richard.Leto on May 9, 2017
Latest reply on May 11, 2017 by Ujwol Shrestha

Hi All,

 

I am trying to figure out this issue, 

 

We have 2 applications 

1) Login : Aco(EnforceRealmTimeout=Yes) Idle Timeout=600 Secs

2) Federation: Aco(EnforceRealmTimeout=Yes) Idle Timeout=3600 Secs

 

When I access login application first I see Idle Timeout for both applications as same, same thing happens when accessing the application Vise-versa.

I tried to Create the reponse too WebAgent-OnAuthAccept-Session-Idle-Timeout=3600 in federation App and attached it to OnAuthAccept response, but Idle Timeout and max timeout are overwritten

=====================================================

[Auth][AuthAccept][][policyserver][09/May/2017:16:25:50 -0400][clrrouting][IlSa21lYFZElUKuYCOZEXmWnr7s=][user1][03-1d5a10da-6f5c-4063-bbf3-3e11e3de7479][login-realm][06-2ed3eb37-fc1d-47ed-b8f9-e42520e39658][10.117.36.66][/login/][GET][User Profile][User Profile][ODBC:][idletime=600;maxtime=3600;authlevel=5;][Authenticated][login-Domain][][][][][]

 


=============================================


[Auth][ValidateAccept][][policyserver][09/May/2017:16:26:40 -0400][federation-agent][IlSa21lYFZElUKuYCOZEXmWnr7s=][user1][03-1ddffbf0-fba5-49f7-bc50-acfc5e852822][Federation-realm][06-a3e8f6e5-efb0-4900-bad1-34807a0ffb0b][192.168.9.169][/DTAdmin/loginrail/UserSolutionSelector.svc/100003175/104334][GET][User Profile][User Profile][ODBC:][idletime=600;maxtime=3600;authlevel=5;][][Federation Domain][][][][][]

 

Checking the webagent logs shows Enforcing the realm Timeout federation app shows:

 

 

[05/09/2017][16:26:39][1596][4204][2ea387fd-53442afc-54567d5f-18c49151-9cbf62a4-98][CSmCredentialManager::GatherCredentials][Found session, no credentials required.]
[05/09/2017][16:26:39][1596][4204][2ea387fd-53442afc-54567d5f-18c49151-9cbf62a4-98][AuthenticateUser][Validating session 'IlSa21lYFZElUKuYCOZEXmWnr7s=' for user 'user1' in zone 'SM'.]
[05/09/2017][16:26:40][1596][4204][2ea387fd-53442afc-54567d5f-18c49151-9cbf62a4-98][AuthenticateUser][Enforcing realm timeouts.]
[05/09/2017][16:26:40][1596][4204][2ea387fd-53442afc-54567d5f-18c49151-9cbf62a4-98][AuthenticateUser][User 'user1' is authenticated by Policy Server.]
[05/09/2017][16:26:40][1596][4204][2ea387fd-53442afc-54567d5f-18c49151-9cbf62a4-98][ProcessResponses][Calling SM_WAF_HTTP_PLUGIN->ProcessResponses.]

 

Any suggestions please, why this could be happening and what I am missing here. Goal here is to have separate timeout for both Login and federation apps after SSO.

 

Thank you in advance.

Outcomes