CA API Management: Increase the session timeout for OAuth login and consent pages


Article ID: 17185


Updated On:


STARTER PACK-7 CA Rapid App Security CA API Gateway


By default, the OAuth Toolkit (OTK) sets a timeout value of 5 minutes for the authorization server login and consent pages.

Should a user remain idle at either of these pages for more than this timeout value they will receive the below error:





  "error_description":"The session has expired or already been granted. The login process has to be repeated to be successful"





How can the timeout value be increased?


Release: L7SGA299000-9.3-API Gateway SOA Gateway-HARDWARE APPLIANCE DUAL CPU


This value is stored in the variable "sessionIdCacheAge" within the "OTK Authorization Server Configuration" encapsulated assertion.

As the policy is read-only in OTK 4.x you will need to copy the variable assertion to the accompanying hash policy "#OTK Authorization Server Configuration"

to modify its value. Extreme care should be taken in modifying this value as not increase it too high.