Tuesday Tip by Vijay Masurkar, Principal Support Engineer, for 7-10-12
A question comes up about the Federation Manager (FedMa) Administrative UI (AdminUI) timeout:
After logging in Federation Manager Admin UI, when no operation is done, timeout is issued and the below message is displayed.
----------------------------
This page is used to hold your data while you are being authorized for your request.
You will be forwarded to continue the authorization process. If this does not happen automatically, please click the Continue button below.
----------------------------
What parameter defines the timeout value? And, if it is configurable, how?
Recommendation:
One will try to extend the UI session timeout this way.
The FedMa Admin UI is deployed under Tomcat. Going down to …\secure-proxy\Tomcat\webapps\ca\federation\adminui\WEB-INF\ and you will see a web.xml file.
In the xml file, there is session timeout located under 'session-config', and, further inside, there's 'session-timeout'.
<session-config>
<session-timeout>
60
</session-timeout>
</session-config>
But changing this will not help if the the idle timeout which may be smaller. The idle timeout is incorporated into the AdminUI for security. That may need to be adjusted (e.g. if it is smaller than the session timeout).
The resource /ca/federation/adminui is protected by Policy Server embedded in Federation Manager. XPSExplorer can be used to change it. (This operation is recommended for an administrator who is well versed with the specific FedMa deployment under question.)
1. run XPSExplorer
2. choose 85 ? Realm
3. type S(Search)
4. choose the number which points to the resource /ca/federation/adminui such as following.
(C) ResourceFilter : "/ca/federation/adminui"
5. you may see the setting of the IdleTimeout below,
08: IdleTimeout = 3600
6. choose this number 8 .
7. type a new value (second)
8. type V(Validate record)
9. type U(Update record)
10. type Q as required to exit XPSExplorer
After these steps, restart of FedMa is recommended.