How To

How do I configure the login page session timeout in AM 5.5.x and 6.x when using authentication trees?

Last updated Oct 22, 2019

The purpose of this article is to provide information on setting the login page session timeout in AM when you are using authentication trees.


Overview

The login page session timeout specifies the duration in minutes before the AM login page times out and the session (if it is CTS-based) is removed from the CTS store if a user does not log in. The default for the login page session timeout is five minutes.

If a tree-based session times out, you will see errors such as the following in the Authentication debug log:

amAuth:04/15/2019 03:39:02:115 PM BST: Thread[http-nio-8080-exec-240,5,main]: TransactionId[ede0c584-8e19-4888-baba-b6cf2888e289-505507]
ERROR: Unable to construct an appropriate auth session
org.forgerock.openam.core.rest.authn.exceptions.RestAuthException: Failed to create session
   at org.forgerock.openam.core.rest.authn.trees.AuthTrees.constructAuthSession(AuthTrees.java:408)
   at org.forgerock.openam.core.rest.authn.trees.AuthTrees.invokeTree(AuthTrees.java:218)
   at org.forgerock.openam.core.rest.authn.RestAuthenticationHandler.authenticate(RestAuthenticationHandler.java:203)
   at org.forgerock.openam.core.rest.authn.http.AuthenticationServiceV1.authenticate(AuthenticationServiceV1.java:163)
   at sun.reflect.GeneratedMethodAccessor137.invoke(Unknown Source)
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
   at java.lang.reflect.Method.invoke(Method.java:498)
...
Caused by: org.forgerock.openam.dpro.session.InvalidSessionIdException: Invalid session ID.Session not found. This likely means it has expired and been removed.

Setting the login page session timeout

You can configure the login page session timeout using either the console, Amster or ssoadm:

  • Console: navigate to: Realms > [Realm Name] > Authentication > Settings > Trees > Max duration (minutes) and enter the required number of minutes.
  • Amster: follow the steps in How do I update property values in AM (All versions) using Amster? with these values:
    • Entity: Authentication
    • Property: authenticationSessionsMaxDuration
  • ssoadm: enter the following command:
    $ ./ssoadm set-realm-svc-attrs -s iPlanetAMAuthService -e [realmName] -u [adminID] -f [passwordfile] -a openam-auth-authentication-sessions-max-duration=[minutes]
    replacing [realmName], [adminID], [passwordfile] and [minutes] with appropriate values.

See Also

How do I modify the prompt text shown when authenticating to a tree in AM 5.5.x and 6.x?

Core Token Service (CTS) and sessions in AM/OpenAM

Authentication and Single Sign-On Guide › Trees

Related Training

ForgeRock Access Management Core Concepts (AM-400)

Related Issue Tracker IDs

N/A



Copyright and TrademarksCopyright © 2019 ForgeRock, all rights reserved.
Loading...