Identity Cloud

Configure server-side sessions

By default, AM configures the CTS token store schema in the AM configuration store.

Configure server-side authentication sessions

  1. In the AM admin UI, go to Realms > Realm Name > Authentication > Settings > Trees.

  2. From the Authentication session state management scheme drop-down list, select CTS.

  3. In the Max duration (minutes) field, enter the maximum life of the authentication session in minutes.

  4. Save your changes.

  5. Go to Authentication > Settings > Security.

  6. In the Organization Authentication Signing Secret field, enter a base64-encoded HMAC secret. AM uses this secret to sign the ID of server-side authentication sessions or, for client-side authentication sessions, the JWT that is passed back and forth between the client and AM during the authentication process. The secret must be at least 128 bits in length.

    A unique, securely random value for this signing secret was generated when your environment was created. If you choose to override that value, you must also make the value unique for your development, staging, and production environments, so that a development session is not valid on your production environment.

  7. Save your changes.
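
If you override the signing secret, you can generate and check candidate values before pasting them into the field. The following is an added example, not ForgeRock code: the function names are hypothetical, and the 256-bit default is an assumption that exceeds the 128-bit minimum stated in step 6.

```python
import base64
import binascii
import secrets

MIN_SECRET_BITS = 128  # minimum length stated in step 6


def generate_signing_secret(bits: int = 256) -> str:
    """Return a base64-encoded random HMAC secret (256-bit default is an assumption)."""
    if bits < MIN_SECRET_BITS or bits % 8:
        raise ValueError("bits must be a multiple of 8 and at least 128")
    return base64.b64encode(secrets.token_bytes(bits // 8)).decode("ascii")


def check_signing_secret(value: str) -> list[str]:
    """Return the problems found in one candidate secret (empty list means OK)."""
    try:
        raw = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return ["not valid base64"]
    problems = []
    if len(raw) * 8 < MIN_SECRET_BITS:
        problems.append(f"only {len(raw) * 8} bits, need at least {MIN_SECRET_BITS}")
    if raw and len(set(raw)) == 1:
        problems.append("all bytes identical, not random")
    return problems


def check_environments(secrets_by_env: dict[str, str]) -> dict[str, list[str]]:
    """Check each environment's secret and flag values shared between environments."""
    report = {env: check_signing_secret(v) for env, v in secrets_by_env.items()}
    seen: dict[bytes, str] = {}
    for env, value in secrets_by_env.items():
        if "not valid base64" in report[env]:
            continue
        raw = base64.b64decode(value, validate=True)
        if raw in seen:
            report[env].append(f"same secret as {seen[raw]}")
            report[seen[raw]].append(f"same secret as {env}")
        else:
            seen[raw] = env
    return report


if __name__ == "__main__":
    # Constructed demo: one fresh secret per environment; only the report is printed.
    envs = {n: generate_signing_secret() for n in ("development", "staging", "production")}
    print(check_environments(envs))
```

An empty list for every environment means each value decodes as base64, meets the minimum length, and is not reused in another environment.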

Configure server-side session tokens

  1. In the AM admin UI, go to Realms > Realm Name > Authentication > Settings > General.

  2. Ensure the Use Client-Side Sessions check box is not selected.

  3. Save your changes.

  4. To verify that AM now creates server-side sessions for users:

    1. Authenticate to AM as a non-administrative user in the realm you enabled for server-side sessions.

    2. In a different browser, authenticate to AM as an administrative user.

    3. Go to Realms > Realm Name > Sessions.

    4. View the session in the AM admin UI to check that a session is present for the non-administrative user.

Copyright © 2010-2023 ForgeRock, all rights reserved.