OpenAM Agents / AMAGENTS-2557

Documentation for method used to deal with idle timeout with agent



      An issue was identified by a customer using SSO only mode.
      From: https://docs.google.com/document/d/1LdhdUEOOH4zPq4yob2WETuasC4KRRQNUCoYYUU82Nu4

      The Agent doesn't look at the idle timeout, but it also doesn't tell AM when a session is active. So if the idle time is set lower than the expiry time, AM will end an active session when it shouldn't (provided the Agent doesn't make any policy evaluation requests on behalf of the user).
      This happens because the agent is avoiding contact with AM. Idle time would work well if the agent always contacted AM when the session was active.
      The problem is made worse when using the SSO_ONLY filter mode, which actively prevents the agent from making policy evaluation requests to AM. This is what the customer who raised the Zendesk ticket for AMAGENTS-2510 was using.

      The proposed solution is to use something similar to the approach that IG uses. Customers need to be informed that if they are using "SSO only mode" and have the session cache timeout set to a higher value than the idle time, users will currently be logged out after the idle time, since AM will not know that the user is still active.

      A solution to this problem is to make the SSO cache polling interval (com.sun.identity.agents.config.sso.cache.polling.interval) less than the idle timeout. If the user is still active, the agent will then contact AM after the polling time, so the user will not be timed out for being idle. A potential problem with this approach is that more calls will be made to AM, so there may be a reduction in performance.
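
The interaction described above can be reproduced with a small simulation. This is an added example, not code from the agent or from this ticket; it assumes a simplified model in which the agent contacts AM only when a request arrives and its cached entry is older than the polling interval, and the function names and minute-based values are hypothetical.

```python
# Simplified model (an assumption, not agent source code): the agent contacts
# AM only when a user request arrives and its cached session entry is older
# than the polling interval; AM resets its idle timer only on that contact.

def first_rejected_request(request_times, polling_interval, idle_timeout):
    """Return the minute of the first request rejected because AM idled out
    the session, or None if every request is served. All values in minutes."""
    last_am_contact = None   # when AM last heard about this session
    cache_filled_at = None   # when the agent last cached the session
    for now in sorted(request_times):
        if cache_filled_at is not None and now - cache_filled_at < polling_interval:
            continue  # served from the agent cache; AM sees no activity
        if last_am_contact is not None and now - last_am_contact > idle_timeout:
            return now  # AM has already ended the session as idle
        last_am_contact = cache_filled_at = now
    return None


# Constructed input: a user sending one request per minute for an hour.
ACTIVE_USER = range(0, 60)


def compare(idle_timeout=5):
    """Same active user, polling interval above and below the idle timeout."""
    return {
        "polling_above_idle": first_rejected_request(ACTIVE_USER, 10, idle_timeout),
        "polling_below_idle": first_rejected_request(ACTIVE_USER, 3, idle_timeout),
    }


if __name__ == "__main__":
    print(compare())
```

With the polling interval below the idle timeout, a user who really is idle is still timed out: requests at minutes 0 and 20 with a polling interval of 3 and an idle timeout of 5 are rejected at minute 20.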



              • Assignee:
                cristina.herraz Cristina Herraz
                edward.barker edwardb