ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Users being logged out from Performance Center unexpectedly

book

Article ID: 213962

calendar_today

Updated On:

Products

CA Performance Management - Usage and Administration DX NetOps

Issue/Introduction

Seeing an issue where the CookieTimeout doesn't appear to be working. Users getting logged out before that time cycles.

Able to log in again but something odd is going on.

Why are users being logged out before the SsoCookieTimeoutMinutes setting is reached?

Why are users being logged out before the Single Sign-On (SSO) Cookie Timeout Minutes setting is reached?

Why are users logged out after 30 minutes?

There are only three things that should trigger a User to be logged out.

  • If the Performance Center SSO (caperfcenter_sso) service is restarted all Users are logged out.
  • A User logs out manually.
  • The SsoCookieTimeoutMinutes value is reached.

Cause

A code defect causes the SsoCookieTimeoutMinutes value, when configured with a value >30 minutes, to be ignored.

This is being addressed via defect DE496629

Environment

All supported DX NetOps Performance Management Performance Center Portal releases r20.2.1 and newer

Resolution

This issue was reported to engineering as DE496629 which is resolved via code change in the r21.2.6 release. Upgrade to release r21.2.6 or newer to resolve this issue.

To resolve this until a fix is available in a new release, follow these steps. It allows longer timeouts to work properly by setting the Jetty session to match the cookie timeout. Without this change the jetty session ignores the SsoCookieTimeoutMinutes value if set to >30 minutes.

  1. Open a terminal to the Performance Center Portal host.
  2. Go to the (default path) /opt/CA/PerformanceCenter/PC/webapps/pc/WEB-INF directory.
  3. Make a copy of the web.xml file as a backup with the command:
    • cp web.xml web.xml.backup
  4. Open the working web.xml file for editing.
  5. Make the following changes.
    1. Change this section:
      • <session-config>
            <cookie-config>
                <name>JSESSIONID</name>
                <http-only>true</http-only>
            </cookie-config>
        </session-config>
    2. To look like this.
      • <session-config>
            <cookie-config>
                <name>JSESSIONID</name>
                <http-only>true</http-only>
            </cookie-config>
            <session-timeout>SSOCONFIG_VALUE</session-timeout>
        </session-config>
      • Note the addition of the session-timeout entry and where it is placed. Place it in the same location.
      • Replace SSOCONFIG_VALUE with the same value your SsoCookieTimeoutMinutes is set to.
        • See Additional Information below re: how to check the current setting via the SsoConfig command.
    3. Save the changes to the file.
    4. After editing the web.xml file restart the PC console service.
      1. Stop the service:
        1. RH 6.x: system caperfcenter_console stop
        2. RH 7.x: systemctl stop caperfcenter_console
      2. Start the service:
        1. RH 6.x: system caperfcenter_console start
        2. RH 7.x: systemctl start caperfcenter_console

After this change the User should not be logged out automatically until the SsoCookieTimeoutMinutes value is reached.

Additional Information

  • Any upgrade will reset/replace the existing web.xml file. Be sure to make the changes to web.xml, adding session-timeout, after any upgrade.
  • What is my current SsoCookieTimeoutMinutes value? How do I check?
    1. Open a terminal to the Performance Center Portal host.
    2. Go to the (default path) /opt/CA/PerformanceCenter directory
    3. Run: ./SsoConfig
    4. Enter 1 for DX NetOps
    5. Enter 4 for Single Sign-On
    6. The "Cookie Timeout Minutes" entry represents the SsoCookieTimeoutMinutes value.