User Challenged for Credentials Before WebSphere Session Expires

Agent Guide › Troubleshooting › User Challenged for Credentials Before WebSphere Session Expires

User Challenged for Credentials Before WebSphere Session Expires

The user is challenged by SiteMinder before the WebSphere session expires. If the WebSphere session times out before SiteMinder, the TAI will revalidate the user (only if WebSphere SSO is off).

Possible Cause	Solution
The SiteMinder session time is shorter than the WebSphere session time.	Check the SystemOut.log file for any indication that the session has expired and user will be challenged. Set the max and idle Timeout so that the SiteMinder session is greater than the WebSphere session. Manage the Web session times through the Web Agent realm. The Session timeout parameter is in Global Security section of the WebSphere Administrative Console. Set this parameter to the same duration as the session max timeout even if the SiteMinder session expires. If the user re-authenticates, the WebSphere session is renewed. Synchronize WebSphere and SiteMinder session times.

Possible Cause

Solution

The SiteMinder session time is shorter than the WebSphere session time.

Check the SystemOut.log file for any indication that the session has expired and user will be challenged.

Set the max and idle Timeout so that the SiteMinder session is greater than the WebSphere session. Manage the Web session times through the Web Agent realm.

The Session timeout parameter is in Global Security section of the WebSphere Administrative Console. Set this parameter to the same duration as the session max timeout even if the SiteMinder session expires. If the user re-authenticates, the WebSphere session is renewed.

Synchronize WebSphere and SiteMinder session times.

Email CA Technologies about this topic