Our portal wbsite needs 15min idle time expiry with OSSO agent.
SSO agents do not pick up the setting of OAM server because of the fact that there are no roundtrips to OAM server with an OSSO agent.
I configured GITO cookie in OAM11g with the WLST command:
In mod_osso.conf I changed the setting OssoIdleTimeout from off to on.
The cookie is created by OAM11g (220.127.116.11 BP3) server during login proces. The browser sends the cookie to the OHS server with mod_osso protection.
But after the idle time the user is not forced to re-authenticate!
According to documentation the mod_osso should have used the GITO cookie for the idle time. The GITO cookie seems to conatin the last access time and the idle timeout however this is encrypted.
How does mod_osso know about the GITO cookie name and the key used for encryption ?
suggestions about how to get idle time expiry with OSSO agents in OAm11g are appreciated
Create a new osso.conf via rreg or OAM console after the WLST command to enable GITO has been executed. The osso.conf file contains entries for the cookie name and the idle time. The osso.conf is encrypted for security reasons.