How To
ForgeRock Identity Platform
Does not apply to Identity Cloud

How do I configure the login page session timeout in AM 5.5.x, 6.x and 7.x when using authentication trees?

Last updated Feb 24, 2021

The purpose of this article is to provide information on setting the login page session timeout in AM when you are using authentication trees.


The login page session timeout specifies the duration in minutes before the AM login page times out and the session (if it is CTS-based) is removed from the CTS store if a user does not log in. The default for the login page session timeout is five minutes.

If a tree-based session times out, you will see errors such as the following in the Authentication debug log:

amAuth:04/15/2019 03:39:02:115 PM BST: Thread[http-nio-8080-exec-240,5,main]: TransactionId[ede0c584-8e19-4888-baba-b6cf2888e289-505507] ERROR: Unable to construct an appropriate auth session Failed to create session at at at at at sun.reflect.GeneratedMethodAccessor137.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke( at java.lang.reflect.Method.invoke( ... Caused by: org.forgerock.openam.dpro.session.InvalidSessionIdException: Invalid session ID.Session not found. This likely means it has expired and been removed.

Setting the login page session timeout

You can configure the login page session timeout using either the console, Amster or ssoadm:

  • Console: navigate to: Realms > [Realm Name] > Authentication > Settings > Trees > Max duration (minutes) and enter the required number of minutes.
  • Amster: follow the steps in How do I update property values in AM (All versions) using Amster? with these values:
    • Entity: Authentication
    • Property: authenticationSessionsMaxDuration
  • ssoadm: enter the following command: $ ./ssoadm set-realm-svc-attrs -s iPlanetAMAuthService -e [realmName] -u [adminID] -f [passwordfile] -a openam-auth-authentication-sessions-max-duration=[minutes] replacing [realmName], [adminID], [passwordfile] and [minutes] with appropriate values.

See Also

How do I modify the prompt text shown when authenticating to a tree in AM 5.5.x, 6.x and 7.x?

Core Token Service (CTS) and sessions in AM

Authentication and Single Sign-On Guide › Core Authentication Attributes

Related Training

ForgeRock Access Management Core Concepts (AM-400)

Related Issue Tracker IDs


Copyright and Trademarks Copyright © 2021 ForgeRock, all rights reserved.