Hi,
Did you flush the cache (Administration -> Policy Server -> Cache Management) and wait a few minutes after changing the timeouts?
Are their multiple realms involved? More specifically, are you logging in through a different realm than the one the application is in? The timeouts are picked up from the realm you log in with, so if you log in to a different realm to the one the application is in, it will use those timeouts instead.
Finally, what is the value for EnforceRealmTimeouts for the Agent Configuration Object? This should be set to Yes to use WebAgent-OnAuthAccept-Session-Max-Timeout and WebAgent-OnAuthAccept-Session-Idle-Timeout rules. Please see the following documentation describes this in detail:
https://docops.ca.com/ca-single-sign-on/12-7/en/configuring/web-agent-configuration/session-protection/enforce-timeouts-across-multiple-realms
Thanks, Simon.