CA API Management: Increase the session timeout for OAuth login and consent pages

Document ID : KB000017185
Last Modified Date : 14/02/2018
Introduction:

By default, the OAuth Toolkit (OTK) sets a timeout value of 5 minutes for the authorization server login and consent pages.

If a user remains idle on either of these pages for longer than this timeout, submitting the page returns the following error:

{
  "error": "invalid_request",
  "error_description": "The session has expired or already been granted. The login process has to be repeated to be successful"
}

[Screenshot: time_msg.png]

Question:

How can the timeout value be increased?

Answer:

The timeout is held in the context variable "sessionIdCacheAge", which is set inside the "OTK Authorization Server Configuration" encapsulated assertion.

Because that policy is read-only in OTK 4.x, copy the assertion that sets sessionIdCacheAge into the accompanying customization policy "#OTK Authorization Server Configuration" and change the value there; the value set in the "#" policy is the one the authorization server uses. Keep the same unit the existing assertion uses.

Raise the value with care and keep it as small as your users actually need. Every pending login or consent session remains valid, and occupies the session id cache, for the full cache age, so a larger value both widens the window in which a captured session id can still be submitted and increases the number of abandoned sessions the Gateway holds in memory.

 

[Screenshot: lifetime.png]

[Screenshot: hash_policy.png]
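To make the trade-off concrete, the following is an added example, not OTK or Layer7 Gateway code: it models a pending login/consent session that is valid exactly once and only until sessionIdCacheAge has elapsed, reproduces both conditions the error text covers (idle past the cache age, and resubmitting an already granted session), and counts how many abandoned sessions the cache holds when the age is raised. The class, function and parameter names, the fake clock and the client values are assumptions made for this illustration.

```python
"""Model of the single-use login/consent session cache described above.

Added example, not OTK or Gateway code. Names, the fake clock and the
client values are assumptions for this illustration.
"""
import secrets
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, Tuple

# Error body the authorization server returns for a stale or reused session
# (wording taken from the article).
SESSION_EXPIRED_ERROR = {
    "error": "invalid_request",
    "error_description": (
        "The session has expired or already been granted. "
        "The login process has to be repeated to be successful"
    ),
}

DEFAULT_SESSION_ID_CACHE_AGE = 300  # seconds; the 5-minute default in the article


@dataclass
class PendingLoginCache:
    """Single-use cache of login/consent sessions keyed by session id."""
    session_id_cache_age: int = DEFAULT_SESSION_ID_CACHE_AGE
    clock: Callable[[], float] = time.time  # injectable so tests can move time
    _entries: Dict[str, dict] = field(default_factory=dict)

    def start_session(self, client_id: str, redirect_uri: str) -> str:
        """Create a session when the login page is served; returns its id."""
        self._evict_expired()
        session_id = secrets.token_urlsafe(32)  # unguessable, never reused
        self._entries[session_id] = {
            "client_id": client_id,
            "redirect_uri": redirect_uri,
            "created": self.clock(),
        }
        return session_id

    def consume(self, session_id: str) -> Tuple[bool, dict]:
        """Validate and consume a session when the login/consent form is posted.

        Succeeds exactly once. A second submission, or one made after the
        cache age has elapsed, gets the same error: an expired id and an
        already granted id are deliberately indistinguishable to the caller.
        """
        self._evict_expired()
        entry = self._entries.pop(session_id, None)
        if entry is None:
            return False, SESSION_EXPIRED_ERROR
        return True, entry

    def size(self) -> int:
        """Number of pending sessions currently held in memory."""
        return len(self._entries)

    def _evict_expired(self) -> None:
        now = self.clock()
        stale = [sid for sid, e in self._entries.items()
                 if now - e["created"] > self.session_id_cache_age]
        for sid in stale:
            del self._entries[sid]


class FakeClock:
    """Deterministic clock so idle time can be simulated without sleeping."""
    def __init__(self, start: float = 1_000_000.0) -> None:
        self.now = start

    def __call__(self) -> float:
        return self.now

    def advance(self, seconds: float) -> None:
        self.now += seconds


def idle_then_submit(idle_seconds: int, cache_age: int) -> bool:
    """Serve the login page, leave it idle, then submit. True if accepted."""
    clock = FakeClock()
    cache = PendingLoginCache(session_id_cache_age=cache_age, clock=clock)
    sid = cache.start_session("client-123", "https://client.example/cb")  # constructed
    clock.advance(idle_seconds)
    ok, _ = cache.consume(sid)
    return ok


def submit_twice(cache_age: int) -> Tuple[bool, bool]:
    """Submit the same session twice well inside the cache age."""
    clock = FakeClock()
    cache = PendingLoginCache(session_id_cache_age=cache_age, clock=clock)
    sid = cache.start_session("client-123", "https://client.example/cb")  # constructed
    clock.advance(1)
    first, _ = cache.consume(sid)
    second, _ = cache.consume(sid)  # already granted -> same error as expired
    return first, second


def abandoned_sessions_held(count: int, interval: int, cache_age: int) -> int:
    """Serve `count` login pages `interval` seconds apart that are never
    submitted and report how many the cache still holds at the end.
    This is the memory-cost side of raising sessionIdCacheAge."""
    clock = FakeClock()
    cache = PendingLoginCache(session_id_cache_age=cache_age, clock=clock)
    for i in range(count):
        if i:
            clock.advance(interval)
        cache.start_session("client-123", "https://client.example/cb")  # constructed
    return cache.size()


if __name__ == "__main__":
    print("idle 301s, age 300:", idle_then_submit(301, 300))
    print("idle 301s, age 600:", idle_then_submit(301, 600))
    print("submit twice:", submit_twice(300))
    print("abandoned held, age 300:", abandoned_sessions_held(20, 60, 300))
    print("abandoned held, age 3600:", abandoned_sessions_held(20, 60, 3600))
```

Running the block shows that raising the age from 300 to 600 seconds turns the 301-second idle case from a failure into a success, that a second submission of an already granted session fails with the same body regardless of the age, and that with one abandoned login page per minute a 5-minute cache settles at a handful of entries while a 60-minute cache keeps all of them.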