Java Policy Agents 2023.3

Idle Time Refresh Window

The interval in minutes at which the agent calls AM to refresh a session idle timeout.

AM sessions have an idle timeout after which they expire. In general, when users access protected resources through an agent, the agent requests a policy decision on behalf of that user, which resets the idle timeout.

When the agent does not need to contact AM frequently, for example, when policy evaluation is already cached, sessions may unexpectedly expire in AM before the user has finished accessing the application.

Agents make one call per active user session at the end of the time interval, provided that the user is actively accessing the web application or site. If the user does not access the application during the configured window interval time, the agent will not make the call to AM at the end of the interval. Eventually, if the user is inactive for enough time, AM will log them out when the session reaches its idle timeout.

Configuring the idle timeout window to a short value, such as one minute, achieves a good balance between making additional calls to AM and providing a good user experience.

Increase this value only if the performance impact of making an extra call to AM every minute is noticeable enough in your environment.

Property name

org.forgerock.agents.idle.time.window.minutes

Aliases

org.forgerock.agents.idle.time.window.minutes
  Introduced in Java Agent 5.6.2.1
  Recognized from AM 7

Type

Integer

Default

1

Bootstrap property

No

Required property

No

Restart required

No

Local configuration file

AgentConfig.properties

AM console

Tab: Advanced (from AM 7)

Title: Idle Time Refresh Window

Copyright © 2010-2023 ForgeRock, all rights reserved.