An issue was identified by customer using SSO only mode.
The proposed solution is to use something similar to the approach that IG use. The customers need to be informed that if they are using "SSO only mode" then currently if they have the session cache timeout set to a higher value than the idle time then users will be logged out after the idle time since AM will not know that the user is still active.
A solution to this problem is to make the sso cache polling interval (com.sun.identity.agents.config.sso.cache.polling.interval) less than idle timeout which means that if the user is still active, then the agent will contact AM after the polling time which will mean that the user will not be timed out for being idle. A potential problem with this approach is that more calls will be made to AM so there may be a reduction in performance.