When Web Agent profile is set to SSO Only, the end users token's idletime is not reset when visiting protected resources. The idletime will keep increasing until the user hits the Max Session time and gets an error.
- step 1: Install/Configure AM 126.96.36.199
- step 2: Create Agent profile in top realm
- step 3: Set Agent profile to SSO Only
- step 4: Install 5.5.0 Agent using the profile created in step 2
- step 5: Go to Agent protected resource and login as a user
- step 6: In another browser login as amAdmin and go to the Top Level realm's Sessions tab and type in demo, if that's the user who you logged into the website. Notice the idletime
- step 7: wait 3 minutes
- step 8: hit refresh in the agent protected page
- step 9: in Sessions tab, type username demo again. See the idletime has not changed. It does not get reset to 0 when the user access the protected resource.
Remove Agent's SSO Only configuration and add a simple policy. I used //::/* and GET Action, with Authenticated users.
With AM using a Policy rather then the SSO Only the idletime gets reset. If you repeat the steps from above, you will see the idletime getting reset.