CA API Management: Increase the session timeout for OAuth login and consent pages


Article ID: 17185


Updated On:

Products

STARTER PACK-7 CA Rapid App Security CA API Gateway

Issue/Introduction

By default, the OAuth Toolkit (OTK) sets a timeout value of 5 minutes for the authorization server login and consent pages.

Should a user remain idle at either of these pages for longer than this timeout value, they will receive the following error:

{
  "error":"invalid_request",
  "error_description":"The session has expired or already been granted. The login process has to be repeated to be successful"
}

How can the timeout value be increased?

Environment

Release: L7SGA299000-9.3-API Gateway SOA Gateway-HARDWARE APPLIANCE DUAL CPU
Component:

Resolution

This value is stored in the variable "sessionIdCacheAge" within the "OTK Authorization Server Configuration" encapsulated assertion.

As the policy is read-only in OTK 4.x, you will need to copy the variable assertion into the accompanying hash policy "#OTK Authorization Server Configuration" and modify its value there. Take care when raising this value: it controls how long an unfinished login or consent session stays valid, so do not increase it further than the user workflow actually requires.
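To show why the cache age matters, here is an added illustrative model of the login/consent session cache (not OTK code; the class, method names and the fake clock are assumptions). A session is valid for at most the cache age and may be granted only once; both an idle timeout and a replay of an already granted session produce the same error body quoted above.

```python
import time

# Default OTK value stated in the article: 5 minutes, expressed in seconds.
DEFAULT_SESSION_ID_CACHE_AGE = 300

# Error body returned by the OTK login/consent pages (quoted from the article).
SESSION_ERROR = {
    "error": "invalid_request",
    "error_description": "The session has expired or already been granted. "
                         "The login process has to be repeated to be successful",
}


class LoginSessionCache:
    """Hypothetical model of the authorization server's session cache.

    Each login/consent session lives for at most `cache_age` seconds and can
    be granted exactly once; an expired or reused session yields SESSION_ERROR.
    """

    def __init__(self, cache_age=DEFAULT_SESSION_ID_CACHE_AGE, clock=time.time):
        self.cache_age = cache_age
        self.clock = clock  # injectable for deterministic testing
        self._sessions = {}  # session_id -> {"created": float, "granted": bool}

    def start(self, session_id):
        """Called when the login page is rendered for a new authorization request."""
        self._sessions[session_id] = {"created": self.clock(), "granted": False}

    def grant(self, session_id):
        """Consume the session when the user submits login/consent.

        Returns None on success, otherwise the OTK-style error dict.
        """
        entry = self._sessions.get(session_id)
        if entry is None or entry["granted"]:
            return SESSION_ERROR  # unknown session or already granted (replay)
        if self.clock() - entry["created"] > self.cache_age:
            self._sessions.pop(session_id, None)
            return SESSION_ERROR  # user stayed idle longer than the cache age
        entry["granted"] = True
        return None


def outcome_after_idle(cache_age, idle_seconds):
    """Return 'granted' or the error name for a user idle for idle_seconds."""
    now = [1000.0]  # constructed fake clock
    cache = LoginSessionCache(cache_age=cache_age, clock=lambda: now[0])
    cache.start("sess-1")
    now[0] += idle_seconds
    result = cache.grant("sess-1")
    return "granted" if result is None else result["error"]
```

Raising sessionIdCacheAge from 300 to, say, 900 lets a user idle for 10 minutes without error, but also keeps every unfinished session grantable for three times as long.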
