IBM Support

WebSEAL does not enforce inactive-timeout

Troubleshooting


Problem

After an inactive timeout is set up, WebSEAL does not seem to enforce it. What is the solution?

Cause

Check the WebSEAL configuration file. If failover authentication is enabled and the failover cookie is being used, WebSEAL will not enforce the inactive-timeout setting.

Here are the settings that are responsible for the behavior reported:

[failover]
#----------------------
# FAILOVER
#----------------------

# Accept failover cookies
# One of <http, https, both, none>
failover-auth = both


# Number of minutes that failover cookie contents are valid
failover-cookie-lifetime = 60

Resolving The Problem

To enforce the inactive-timeout with failover authentication enabled, set reauth-for-inactive = yes in the [reauthentication] stanza.


[reauthentication]
#----------------------
# REAUTHENTICATION
#----------------------

# Prompt users to reauthenticate if their entry in the WebSEAL
# credential cache has timed out due to inactivity
#
# If set to 'no', entries in the cache will be deleted when the
# inactivity timeout is reached.
#
# If set to 'yes', entries in the cache will be retained until the
# cache lifetime timeout is reached. If the inactivity timeout has
# been reached and the client makes another request before the cache
# lifetime timeout is reached, they will be prompted to reauthenticate.
reauth-for-inactive = yes
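
An added example, not part of the IBM technote: a Python check that parses WebSEAL configuration text and flags the combination described above, where failover cookies are accepted while reauth-for-inactive is not yes. The function names and both sample configurations are constructed; treating a missing failover-auth as none and a missing reauth-for-inactive as no is an assumption.

```python
import re

STANZA = re.compile(r"^\[([^\]]+)\]\s*$")

def parse_stanzas(text):
    """Parse stanza-style config text into {stanza: {key: last value seen}}."""
    conf, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # skip blanks and comment lines
        m = STANZA.match(line)
        if m:
            current = m.group(1).strip().lower()
            conf.setdefault(current, {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            conf[current][key.strip().lower()] = value.strip()
    return conf

def inactivity_bypass(conf):
    """Return a finding if failover cookies are accepted but
    reauth-for-inactive is not 'yes'; return None otherwise."""
    # Assumption: an absent key behaves like 'none' / 'no'.
    failover = conf.get("failover", {}).get("failover-auth", "none").lower()
    reauth = conf.get("reauthentication", {}).get("reauth-for-inactive", "no").lower()
    if failover != "none" and reauth != "yes":
        lifetime = conf.get("failover", {}).get("failover-cookie-lifetime", "unset")
        return (f"failover-auth = {failover} with reauth-for-inactive = {reauth}: "
                f"inactive-timeout is not enforced "
                f"(failover-cookie-lifetime = {lifetime})")
    return None

# Constructed sample input: the settings from the Cause section.
WEAK = """
[failover]
# Accept failover cookies
failover-auth = both
failover-cookie-lifetime = 60
[reauthentication]
reauth-for-inactive = no
"""
# Constructed sample input: the same file after the fix.
FIXED = WEAK.replace("reauth-for-inactive = no", "reauth-for-inactive = yes")

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("fixed", FIXED)):
        print(name, "->", inactivity_bypass(parse_stanzas(text)) or "ok")
```
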

------------------------------------------------------------------------

Product: Tivoli Access Manager for e-business
Platform: Platform Independent
Version: 6.0; 6.1; 6.1.1
Line of Business: Security Software

Product Synonym

ITAM TAM AM PD

Document Information

Modified date:
16 June 2018

UID

swg21508727