How To
ForgeRock Identity Platform
Does not apply to Identity Cloud

How do I configure realm level session timeouts in AM (All versions)?

Last updated Apr 13, 2021

The purpose of this article is to provide information on setting realm level session timeouts in AM. This allows you to have different session timeouts per realm and any realm level settings override the global settings for the specific realm.


1 reader recommends this article

Overview

There are two realm level session timeouts, which override the global settings: Maximum Session Time, which is the maximum number of minutes that a session can remain active before a user is required to re-authenticate and Maximum Idle Time, which is the maximum number of minutes that a session can be idle before a user must re-authenticate.

Prerequisites

In order to be able to set these properties at the realm level, you must ensure at least one of the identity stores in the realm has the following value set for the LDAPv3 Plugin Supported Types and Operations attribute:

realm=read,create,edit,delete,service

Configuring realm based session timeouts

Note

You may need to add the Session service if it is not listed under Services by clicking Add a Service or Add and then selecting Session. If you are using ssoadm, you can replace set-realm-svc-attrs in the ssoadm command with add-svc-realm to add this service and set the attributes with the same command.

You can configure the realm session timeouts using either the console or ssoadm:

  • Console: navigate to: Realms > [Realm Name] > Services > Session and enter the required number of minutes for the maximum session time and / or maximum idle time.
  • ssoadm: enter the following command for maximum session time: $ ./ssoadm set-realm-svc-attrs -s iPlanetAMSessionService -e [realmname] -u [adminID] -f [passwordfile] -a iplanet-am-session-max-session-time=[minutes]replacing [realmname], [adminID], [passwordfile] and [minutes] with appropriate values.
  • ssoadm: enter the following command for maximum idle time $ ./ssoadm set-realm-svc-attrs -s iPlanetAMSessionService -e [realmname] -u [adminID] -f [passwordfile] -a iplanet-am-session-max-idle-time=[minutes]replacing [realmname], [adminID], [passwordfile] and [minutes] with appropriate values.

See Also

How do I configure session timeouts in AM (All versions)?

How do I configure user-level session timeouts in AM (All versions)?

How do I configure login page session timeouts in AM (All versions) when using authentication modules?

Related Training

N/A

Related Issue Tracker IDs

N/A


Copyright and Trademarks Copyright © 2021 ForgeRock, all rights reserved.