API Gateway integrated with SiteMinder. Idle timeout is not working properly, causing user to log out after idle time limit.

Article ID: 188390


Products

CA API Gateway

Issue/Introduction

Our API gateway is integrated with our SiteMinder with "Manage Single Sign-on configuration". In our API, we use the following assertion to validate the SMSESSION against SiteMinder. 

Each time after successful validation, we get back a new SMSESSION Token and then the next time we will use the new token for validation.

Our idle timeout limit is set to 1 hr; however, no matter how often we validate against SiteMinder and keep using an updated token, the idle timeout is not extended. All tokens time out 1 hr after the original session started.

 

Environment

API GATEWAY

Resolution

You also need to make sure you are updating the SMSESSION cookie. Updating the token is not enough as SSO is cookie-based.