Adding this as an IG issue just for tracking purposes as the issue may be in AM only -
If a PolicyEnforcementFilter is in a realm configured to use stateless tokens, once the pepUser's token expires IG will not re-authenticate but will instead return an error.
Put the pepUser in a realm that uses stateful tokens.
Shouldn't be an issue on 6.0 as long-lived application tokens are used instead and there doesn't seem to be a way to change the validity of a stateless application token.
Time in minutes after which a web or Java agent's CTS-based session expires. Note that this setting is ignored when AM creates a client-based session for a web or Java agent.
Default: 0 (never time out). You can set this property to 0, or 30 and higher (no maximum limit).