Layer7 API Management

  • Private Community

  • 1.  CA SSO Idle Timeout not being honored?

    Posted Nov 25, 2016 03:54 PM

    Setup includes non-persistent tokens and the "idle timeout" value does not seem to ever be honored in this case. Cookie is created with a 15 minute idle timeout and that is honored by ALL other Web Agents with the exception of the API Gateway.

     

    The API Gateway just takes it and considers it good when using the chain of "check protected resource", "authenticate against", and "authorize against".

     

    Just curious if there's some special setup or requirements to support idle timeouts, or if that's simply not supported.



  • 2.  Re: CA SSO Idle Timeout not being honored?
    Best Answer

    Broadcom Employee
    Posted Nov 29, 2016 05:47 PM

    Chris,

     

    The Gateway does not use the SSO web agent framework but uses the SDK framework. There is a special build of the Siteminder components of the gateway that will support this functionality that will need to be requested from support. The special versions were not built for all versions so you will need to ensure that the support team knows the version you are using.

     

    Sincerely,

     

    Stephen Hughes

    Director, CA Support



  • 3.  Re: CA SSO Idle Timeout not being honored?

    Posted Nov 29, 2016 05:58 PM

    Great, thanks for the info. 

    Do you know if there are plans to incorporate that capability into all future versions? Or will it always need some special build?



  • 4.  Re: CA SSO Idle Timeout not being honored?

    Broadcom Employee
    Posted Nov 29, 2016 06:02 PM

    Chris,

     

    The goal is to incorporate it into the gateway core code to avoid the need for any special builds.

     

    Sincerely,

     

    Stephen Hughes

    Director, CA Support