|Applies To||RSA Access Manager/ClearTrust Agents 4.x 3.x|
RSA Access Manager 6.0.x / ClearTrust 5.5.x servers
|Issue||AxM - What Are The Maximum Values For "agent.session_lifetime" and "agent.idle_timeout"|
Customer wants to increase the session timeout and idle timeout but the maximum values are not in the documentation
When a Access Manager session cookie is created there are two embedded time stamps in the cookie.
If a session has been idle too long, overnight for example, then the keys needed to decrypt cookie to read these times will have expired and will simply generate a "Token Error"
There is no maximum values for session time or idle time out values.
But your keys to decrypt the cookie must be set to exist longer then the idle time out.
In addition the maximum number of session keys that can be stored is 15, so the token lifetime can be no more than 15 times the session key life or 7.5 hours using the default 30 minute session key life.
The numbers below would suffice for a 1 ? hour idle timeout. A session timeout is a active session that is always using the latest keys so these numbers don?t apply.
The following are in the keyserver.conf
# Sets the allowable idle time for a given single sign-on token.
|Legacy Article ID||a46477|