Session time-outs are set when you configure a realm with the Administrative UI. When a user’s CA SiteMinder® session times out, the Web Agent does one of the following actions:
If a redirect URL is specified, the user is sent to that destination page. If the page is unprotected, the user is granted direct access to that page. If the page is protected, the user is challenged for credentials before being granted access to the page. If no redirection URL has been specified, the Web Agent rechallenges the user for credentials after a session time-out.
You can redirect users whose sessions time out to a URL with a customized web page, which explains why their session has been terminated and how they can reestablish it. For example, you can create a custom web page that displays a message such as, "You have been logged out automatically as a security precaution. Please login again to continue."
If the user is not redirected to another page after a session times out, CA SiteMinder® challenges the user again. This may confuse users because they may not understand why they are being asked to reauthenticate.
To redirect users to different URLs after session time-outs
Specifies the URL where the Web Agent should redirect the user when the idle time-out for the session occurs.
Example: http://example.mycompany.com/sessionidletimeoutpage.html
Note: IdleTimeoutURL should only be used for non-persistent sessions; it has no effect if configured for persistent sessions.
Specifies the URL where the Web Agent should redirect the user when the maximum time-out for the session occurs.
Example: http://example.mycompany.com/maxtimeoutpage.html
Default: No default
If the idle timeout and maximum timeout values for a session (set in the Policy Server) occur at the same time and the IdleTimeoutURL and MaxTimeoutURL parameters are set, the user is redirected to the URL specified in the MaxTimeoutURL parameter when a time-out occurs.
Copyright © 2014 CA.
All rights reserved.
|
|