When a Clarity application session times out (Clarity session idle timeout in System Options) and the user then clicks a link in Clarity, they are taken to the Error URL.
The expected behavior is that the user should be taken to the IDP URL to re-authenticate.
Release: 16.0.3
This is the default behavior, but it can be changed by editing the properties.xml file.
In the <clarity home>/config/properties.xml file, there should be an <sso> entry.
It should look something like this:
<sso tokenName="AUTH_TOKEN" tokenType="cookie" logoutURL="http://www.ca.com" errorURL="http://www.ca.com" keyHash=""/>
You can add an attribute to that tag:
timeoutURL="desired URL"
Replace "desired URL" with the URL that users should be sent to when the session times out.
After making this change, a restart of the app services is required.
Important: Setting timeoutURL to the IDP URL will not re-authenticate the user, because Clarity does not send an AUTHN request in this use case. It is recommended to set it to the Clarity classic or modern URL instead. That will trigger the SP-initiated login for the user.
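One way to check the <sso> entry after editing it (an added example, not Broadcom's code): the script below parses properties.xml content and flags a missing timeoutURL or one that points at the IDP. The sample XML, the host names and the function names are constructed for illustration; pass in your own Clarity and IDP host names.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample of the <sso> entry; all hosts are placeholders.
SAMPLE = '''<properties>
  <sso tokenName="AUTH_TOKEN" tokenType="cookie"
       logoutURL="https://idp.example.com/logout"
       errorURL="https://clarity.example.com/error.html"
       timeoutURL="https://idp.example.com/sso" keyHash=""/>
</properties>'''


def local(tag):
    """Element name without any XML namespace prefix."""
    return tag.rsplit("}", 1)[-1]


def check_sso_timeout(xml_text, clarity_host, idp_host):
    """Return a list of findings about the <sso> timeoutURL attribute."""
    root = ET.fromstring(xml_text)
    sso = [e for e in root.iter() if local(e.tag) == "sso"]
    if not sso:
        return ["no <sso> entry found"]
    findings = []
    for el in sso:
        url = el.get("timeoutURL")
        if not url:
            # Default behavior described above: the user lands on the Error URL.
            findings.append("timeoutURL not set: timed-out users go to errorURL "
                            f"({el.get('errorURL')!r})")
            continue
        parsed = urlparse(url)
        host = (parsed.hostname or "").lower()
        if parsed.scheme not in ("http", "https") or not host:
            findings.append(f"timeoutURL is not an absolute http(s) URL: {url!r}")
        elif host == idp_host.lower():
            findings.append("timeoutURL points at the IDP: no AUTHN request is "
                            "sent, so the user is not re-authenticated")
        elif host != clarity_host.lower():
            findings.append(f"timeoutURL host {host!r} is not the Clarity host")
    return findings


if __name__ == "__main__":
    for f in check_sso_timeout(SAMPLE, "clarity.example.com", "idp.example.com"):
        print("WARN:", f)
```

An empty result means timeoutURL is set and resolves to the Clarity host, which is the configuration that triggers the SP-initiated login.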