How Siteminder Session Timeouts are Calculated and Recorded an in Symantec Directory Server Session Store
search cancel

How Siteminder Session Timeouts are Calculated and Recorded an in Symantec Directory Server Session Store

book

Article ID: 403396

calendar_today

Updated On:

Products

SITEMINDER

Issue/Introduction

The user session can be configured with an Idle Timeout and a Maximum Timeout.  The Idle Timeout and Max. Timeout are configured within each Realm.  This KB details how the Max and Idle Timeouts are calculated and recorded in a Session Store hosted  on an LDAP Symantec Directory Server.

Environment

PRODUCT: Siteminder

VERSION: Any

COMPONENT: Session Store

SESSION STORE Type: Symantec Directory Server (LDAP)

OPERATING SYSTEM: Any

Resolution

A Session object in an LDAP CA Directory Session Store is comprised of the following attributes: 


Attribute Value
objectClass smSession
objectClass top
smSessionId <smSessionID_Value>
smExpirationTime 20251121204915Z
smIdleExpirationTime 20251121194915Z
smLastAccessTime 20251121184915Z
smMaxIdleTime 3600
smSessionBlob <smSessionBlob_Value>
smSessionStatus 0
smSessionVariableData  
smSessionVariablesMode  



Idle Timeout

  • The Idle Timeout is the amount of time a user can be idle before their session times out.
  • The Idle timeout is a calculation based on the values in the 'smMaxIdleTime' attribute value and the 'smLastAccessTime' attribute value.
  • The 'smMaxIdleTime' corresponds to the "Idle Timeout" value from the Realm

smMaxIdleTime: 

  • The smMaxIdleTime attribute lists the Realm's Idle Timeout value (in seconds).


<Property Name="CA.SM::Realm.IdleTimeout"> 
<NumberValue>3600</NumberValue> 
</Property> 

smLastAccessTime: 

  • The smLastAccessTime attribute records the last time the session was active
  • The value is in Zulu Time [YYYYMMDDHHMMSSZ*

smIdleExpirationTime: 

  • The smIdleExpirationTime is a calculation that sets the time in the future when the the session will exceed the Realm's Idle Timeout
  • The value is in Zulu Time [YYYYMMDDHHMMSSZ*

    smIdleExpirationTime = ({smLastAccessTime} + {smMaxIdleTime})

 

<Property Name="CA.SM::Realm.IdleTimeout"> 
<NumberValue>3600</NumberValue> 
</Property> 

Maximum Timeout

  • The Maximum Timeout is the total amount of time a session can be valid. 
  • The Maximum Timeout is stored in the 'smExpirationTime' attribute
  • The 'smExpirationTime' value is written in Zulu time.
  • Maximum Time is calculated a the time the session is written to the session store.

smExpirationTime => ({time at authentication} + {CA.SM::Realm.MaxTimeout})

<Property Name="CA.SM::Realm.MaxTimeout"> 
<NumberValue>600</NumberValue> 
</Property> 

Powered by Wolken Software