Symantec Access Management

i have an application for which i have set the Ideal Timeout to be 8 hours and maximum to be 12 hours which was previously set to 4 and 8 respectively. Also, in this scenario i have made a OnAuthAccept rule for timeout response. This is not done by editing the max and idle timeout field in the Realm.

Now, my application is getting logged out in every 4 hours ideally and i am getting logged out logs for the session. Can someone suggest ?

Hi,

Did you flush the cache (Administration -> Policy Server -> Cache Management) and wait a few minutes after changing the timeouts?

Are their multiple realms involved? More specifically, are you logging in through a different realm than the one the application is in? The timeouts are picked up from the realm you log in with, so if you log in to a different realm to the one the application is in, it will use those timeouts instead.

Finally, what is the value for EnforceRealmTimeouts for the Agent Configuration Object? This should be set to Yes to use WebAgent-OnAuthAccept-Session-Max-Timeout and WebAgent-OnAuthAccept-Session-Idle-Timeout rules. Please see the following documentation describes this in detail:

https://docops.ca.com/ca-single-sign-on/12-7/en/configuring/web-agent-configuration/session-protection/enforce-timeouts-across-multiple-realms

Thanks, Simon.