Currently, there is no way to manage an idle connection between the policy server and an LDAP user directory from the SiteMinder side.
We would like to request an enhancement for one of the two things:
- Add a feature to SiteMinder to terminate TCP sessions to user directories after a period of inactivity.
- Apply a keep-alive methodology from SiteMinder on each TCP connection to each user directory so that the firewall will see traffic flow and maintain the connection. This would be different than the health check that SiteMinder already does to make sure the user directory is available.
The reason we are requesting these changes is because our firewalls look for a minimum number of packets over a 30-minute duration to keep the connection open. Idle connections are closed by the firewall, and SiteMinder attempts to send traffic over these closed connections, causing delays or spikes in response times.