Session Timeouts Group Box

The Session Timeouts Group Box is where you specify timeouts for each realm protected by a SiteMinder Web Agent.

Note: A user’s session timeout is based on the session that is established when a user authenticates in a realm. If a user accesses a resource in another realm, SiteMinder maintains the user’s session. For example, if a user authenticates in RealmA, which has a session timeout of 30 minutes, then the user accesses a resource in RealmB 15 minutes later, regardless of the session timeout for RealmB, the user’s session expires in another 15 minutes. If you want to change this default behavior, you can create responses to replace session timeout values.

Maximum Timeout Enabled

If set, the values specified in the associated Hours and Minutes fields determine the maximum amount of time a user session can be active before the Agent challenges the user to re-authenticate.

This setting is enabled by default. To specify no maximum session length, unset the checkbox. The default maximum session length is two hours.

Hours field

Specifies the hours value for the maximum session length.

Minutes field

Specifies the minutes value for the maximum session length.

Note: To use this feature with the Basic authentication scheme, your Web Agent must be configured to Require Cookies. For more information, see the Web Agent Guide.

Note: You can override this setting by using the WebAgent-OnAuthAccept-Session-Max-Timeout response attribute.

Idle Timeout Enabled

If set, the values specified in the associated Hours and Minutes fields help determine the amount of time that an authorized user session can remain inactive before the Agent terminates the session. If you are concerned about users leaving their workstations after accessing a protected resource, set the idle timeout to a shorter period of time. If the session times out, users must re-authenticate before accessing the resources in the realm.

This setting is enabled by default. To specify no session idle timeout, unset the checkbox. The default session idle timeout is one hour.

Note that the session actually expires within a certain maintenance time period after the specified idle timeout value. The extra time period is determined by the number of seconds specified in the following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\SessionServer\MaintenancePeriod

The default value is 60 seconds.

For example, if you set the idle timeout to 10 minutes and use the default value of the MaintenancePeriod registry setting, the longest time before a session times out due to inactivity is 11 minutes (specified timeout + maintenance period).

Note: For persistent sessions, the Idle Timeout must be enabled and set to a value higher than that specified for the Validation Period.

Note: To use this feature with the Basic authentication scheme, your Web Agent must be configured to Require Cookies. For more information, see the SiteMinder Web Agent Guide.

Note: You can override this global setting by using the WebAgent-OnAuthAccept-Session-Idle-Timeout response attribute. A value of zero indicates that the session will not end because of inactivity.

Hours field

Specifies the hours value for the idle timeout period.

Minutes field

Specifies the minutes value for the idle timeout period.
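The following model of the timeout rules described above is an added example, not SiteMinder code. It computes the latest moment a session can remain alive and flags realm settings that leave sessions unbounded or conflict with the persistent-session rule. The `Realm` class, `latest_expiry` and `audit` are hypothetical names, and the model assumes no response attribute overrides the realm values.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# Documented default of the MaintenancePeriod registry value (60 seconds).
MAINTENANCE_PERIOD = timedelta(seconds=60)

@dataclass
class Realm:
    """Hypothetical container for the Session Timeouts values of one realm."""
    name: str
    max_timeout: Optional[timedelta] = timedelta(hours=2)   # None = checkbox unset
    idle_timeout: Optional[timedelta] = timedelta(hours=1)  # None = checkbox unset
    persistent: bool = False
    validation_period: Optional[timedelta] = None

def latest_expiry(auth_realm: Realm, authenticated_at: datetime,
                  last_activity: datetime,
                  maintenance: timedelta = MAINTENANCE_PERIOD) -> Optional[datetime]:
    """Latest time the session can still be alive, or None if nothing bounds it.

    Only the realm in which the user authenticated is consulted: the
    timeouts of realms visited later do not change the session.
    """
    deadlines = []
    if auth_realm.max_timeout is not None:
        deadlines.append(authenticated_at + auth_realm.max_timeout)
    if auth_realm.idle_timeout is not None:
        # Idle expiry happens within one maintenance period after the timeout.
        deadlines.append(last_activity + auth_realm.idle_timeout + maintenance)
    return min(deadlines) if deadlines else None

def audit(realm: Realm) -> List[str]:
    """Return findings for settings that weaken or break session expiry."""
    findings = []
    if realm.max_timeout is None:
        findings.append("no maximum session length")
    if realm.idle_timeout is None:
        findings.append("no idle timeout")
    if realm.persistent and (
        realm.idle_timeout is None
        or (realm.validation_period is not None
            and realm.idle_timeout <= realm.validation_period)
    ):
        findings.append(
            "persistent session: idle timeout must be higher than validation period")
    return findings
```
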

More information:

Responses and Response Groups