How To
ForgeRock Identity Platform
Does not apply to Identity Cloud

How do I configure the login page session timeout in AM (All versions) when using authentication trees?

Last updated Jan 16, 2023

The purpose of this article is to provide information on setting the login page session timeout in AM when you are using authentication trees.


The login page session timeout specifies the duration in minutes before the AM login page times out and the session (if it is server-side) is removed from the CTS store if a user does not log in. The default for the login page session timeout is five minutes.

If a tree-based session times out, you will see errors such as the following in the Authentication debug log:

amAuth:04/15/2019 03:39:02:115 PM BST: Thread[http-nio-8080-exec-240,5,main]: TransactionId[ede0c584-8e19-4888-baba-b6cf2888e289-505507] ERROR: Unable to construct an appropriate auth session Failed to create session at at at at at sun.reflect.GeneratedMethodAccessor137.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke( at java.lang.reflect.Method.invoke( ... Caused by: org.forgerock.openam.dpro.session.InvalidSessionIdException: Invalid session ID.Session not found. This likely means it has expired and been removed.

Setting the login page session timeout

You can configure the login page session timeout using either the AM admin UI, Amster or ssoadm:

  • AM admin UI: navigate to: Realms > [Realm Name] > Authentication > Settings > Trees > Max duration (minutes) and enter the required number of minutes.
  • Amster: follow the steps in How do I update property values in AM (All versions) using Amster? with these values:
    • Entity: Authentication
    • Property: authenticationSessionsMaxDuration
  • ssoadm: enter the following command: $ ./ssoadm set-realm-svc-attrs -s iPlanetAMAuthService -e [realmName] -u [adminID] -f [passwordfile] -a openam-auth-authentication-sessions-max-duration=[minutes] replacing [realmName], [adminID], [passwordfile] and [minutes] with appropriate values.

See Also

How do I modify the prompt text shown when authenticating to a tree in AM (All versions)?

Core Token Service (CTS) and sessions in AM

Core authentication attributes

Related Training

ForgeRock Access Management Deep Dive (AM-410)

Related Issue Tracker IDs


Copyright and Trademarks Copyright © 2023 ForgeRock, all rights reserved.