IV77052: SSO AUTHENTICATION FAILING AFTER SESSION TIMEOUT

APAR status

• Closed as fixed if next.

Error description

• When access application first time, SSO works but then after a
  "session time out" is encounted the users are getting prompted
  for login via Windows dialog (Windows Security). No login will
  work but they need to try 3 times to clear the login window.
  Then they manually exit the browser and login again
  

Local fix

• They can work around this issue by exiting the browser. They
  have also been asked to extend the session timeout to 4 or more
  hours so the users do not encounter the issue.  Additionally
  they will configure TRIRIGA to provide warnings before the
  timeout occurs.
  
  Though this is a valid and relatively easy work around they are
  concerned with the confusion the end uses will have when they
  encounter login screens that fail.
  

Problem summary

• The unauthorized page is triggering a SSO solution to
  continually prompt for the login.
  

Problem conclusion

• An enhancement has been made to the IBM TRIRIGA Platform, a new
  property has been added SSO_DISABLE_UNAUTHORIZED_STATUS
  to the TRIRIGAWEB.properties
  This tells the unauthorized.jsp page to send the 401
  UnAuthorized response in the HTTP Header
  Default is N, so the 401 header will be sent.
  Setting this to Y will disable the header, so no 401 will be
  sent.  This is targeted for the 2h2015 release.
  

Temporary fix

• Increase Session Timeout to a value like 4 or 8 hours.
  Setup the session timeout warning in the TRIRIGAWEB so that
  users will be notified when the session is about to timeout.
  

Comments

APAR Information

• APAR is sysrouted FROM one or more of the following:

• APAR is sysrouted TO one or more of the following:

Modules/Macros

• 999
  

Fix information

Applicable component levels

• R342 PSY

     UP