CA API Management: Increase the session timeout for OAuth login and consent pages

Document ID : KB000017185
Last Modified Date : 14/02/2018

By default, the OAuth Toolkit (OTK) sets a timeout value of 5 minutes for the authorization server login and consent pages.

Should a user remain idle at either of these pages for longer than this timeout value, they will receive the error below:





  "error_description":"The session has expired or already been granted. The login process has to be repeated to be successful"






How can the timeout value be increased?


This value is stored in the variable "sessionIdCacheAge" within the "OTK Authorization Server Configuration" encapsulated assertion.

As the policy is read-only in OTK 4.x, you will need to copy the variable assertion to the accompanying hash policy "#OTK Authorization Server Configuration" to modify its value. Take extreme care when modifying this value so as not to increase it too high.