We are seeing the SM session being set to LOGGEDOFF very quickly after initial logon.
We expected the user's session to adhere to the configured realm timeouts.
Single Sign On
12.52, 12.6,12.7,12.7 and all supported agents.
User session timeouts are governed by the realm that the user first logs into.
If a user enters a new realm through single sign-on, the time-out values for the new realm are still governed by the session that was established by the initial login at the first realm.
If you have different time-out values for different realms, and you want to have each realm use its own time-out values, you can override the time-outs of the original realm.
To override the time-outs of the original realm, configure your Web Agent and realms as described in the following process:
- Set the value of the EnforceRealmTimeouts parameter to yes.
- Use the Administrative UI to do the following tasks:
- For each realm where you want to supersede the original time-outs (any realm that SSO functionality allows the user to access), do the following:
- To override the Maximum Timeout value, create a response using the WebAgent-OnAuthAccept-Session-Max-Timeout response attribute.
The login time is the basis for the user session start time and the WebAgent-OnAuthAccept-Session-Max-Timeout value is calculated from the time the user session has started.
- To override the Idle Timeout value, create a response using the WebAgent-OnAuthAccept-Session-Idle-Timeout response attribute.
- Bind each of the previous responses to an OnAuthAccept rule.