Setup includes non-persistent tokens and the "idle timeout" value does not seem to ever be honored in this case. Cookie is created with a 15 minute idle timeout and that is honored by ALL other Web Agents with the exception of the API Gateway.
The API Gateway just takes it and considers it good when using the chain of "check protected resource", "authenticate against", and "authorize against".
Just curious if there's some special setup or requirements to support idle timeouts, or if that's simply not supported.
The Gateway does not use the SSO web agent framework but uses the SDK framework. There is a special build of the Siteminder components of the gateway that will support this functionality that will need to be requested from support. The special versions were not built for all versions so you will need to ensure that the support team knows the version you are using.
Director, CA Support
Great, thanks for the info. Do you know if there are plans to incorporate that capability into all future versions? Or will it always need some special build?
The goal is to incorporate it into the gateway core code to avoid the need for any special builds.