SMSESSION being set to LOGGEDOFF after about 5 mins

Document ID : KB000097159
Last Modified Date : 18/05/2018
Show Technical Document Details
Issue:
We are seeing the SM session being set to LOGGEDOFF very quickly after initial logon. 

We expected the user's session to adhere to the configured realm timeouts.
 
 
 
Environment:
Single Sign On
12.52, 12.6,12.7,12.7 and all supported agents. 
Cause:
User session timeouts are governed by the realm that the user first logs into. 
If a user enters a new realm through single sign-on, the time-out values for the new realm are still governed by the session that was established by the initial login at the first realm. 
If you have different time-out values for different realms, and you want to have each realm use its own time-out values, you can override the time-outs of the original realm.
Resolution:
To override the time-outs of the original realm, configure your Web Agent and realms as described in the following process:
  1. Set the value of the EnforceRealmTimeouts parameter to yes. User-added image
  2. Use the Administrative UI to do the following tasks:
    1. For each realm where you want to supersede the original time-outs (any realm that SSO functionality allows the user to access), do the following:
      • To override the Maximum Timeout value, create a response using the WebAgent-OnAuthAccept-Session-Max-Timeout response attribute.
        The login time is the basis for the user session start time and the WebAgent-OnAuthAccept-Session-Max-Timeout value is calculated from the time the user session has started.
      • To override the Idle Timeout value, create a response using the WebAgent-OnAuthAccept-Session-Idle-Timeout response attribute.
Examples:
User-added imageUser-added image

 
  1. Bind each of the previous responses to an OnAuthAccept rule.
Example: User-added image