Changing session timeouts for protected federation URL
search cancel

Changing session timeouts for protected federation URL


Article ID: 273893


Updated On:


SITEMINDER CA Single Sign On Agents (SiteMinder) CA Single Sign On Federation (SiteMinder) CA Single Sign On Secure Proxy Server (SiteMinder)



Running Web Agents in Federation journey, how to change the idle and max timeout for a specific web-site-1, when at the same time another web-site-2 has greater values for the idle and max timeout?

What will happen if a user logs in web-site-2, and then goes to the web-site-1? When will the user be requested to login again? Will the user session gets new values for the idle and max timeout?




At first glance, there's an ACO parameter on the Web Agent to handle the idle and max timeout on different realms (1).

Note that there are limitation when the realms are persistent in combinations with EnforceRealmTimeouts ACO (2).

If the business needs allows it, disable the SLO for that partnership and enable the Realm to enforce time out as described above.

Another way would be to implement security zones (3).

Security Zones work in Federation scenario with the SLO, if there's an Agent in front of the Federation services (4).

Having different cookies for the different application will allow setting the idle and max time out for each of them separately.


Additional Information



    Enforce Timeouts across Multiple Realms


    EnforceRealmTimeouts ACO not working on Web Agent


    Security Zones for Single Sign-on


    SSOZoneName: Loop expired session in Web Agent Option Pack