1 Reply Latest reply: Feb 7, 2013 3:12 AM by Bert Dondertman RSS

    Idle time expiry with OSSO Agents in OAM11g

    Bert Dondertman
      HI,

      Our portal wbsite needs 15min idle time expiry with OSSO agent.
      SSO agents do not pick up the setting of OAM server because of the fact that there are no roundtrips to OAM server with an OSSO agent.

      I configured GITO cookie in OAM11g with the WLST command:
      editGITOValues(gitoEnabled="true",gitoCookieDomain=".linuxserver.dev",gitoCookieName="GITO_LINUXSERVER_DEV",gitoVersion="v3.0",gitoTimeout="5",gitoSecureCookieEnabled="false")

      In mod_osso.conf I changed the setting OssoIdleTimeout from off to on.

      <IfModule osso_module>
      OssoIpCheck off
      OssoIdleTimeout on
      OssoSecureCookies off

      The cookie is created by OAM11g (11.1.1.5 BP3) server during login proces. The browser sends the cookie to the OHS server with mod_osso protection.

      But after the idle time the user is not forced to re-authenticate!

      According to documentation the mod_osso should have used the GITO cookie for the idle time. The GITO cookie seems to conatin the last access time and the idle timeout however this is encrypted.
      How does mod_osso know about the GITO cookie name and the key used for encryption ?

      suggestions about how to get idle time expiry with OSSO agents in OAm11g are appreciated

      Regards,

      Bert