Redirect a User after a Session Time-out

Session time-outs are set when you configure a realm with the Administrative UI. When a user’s session times out, the Web Agent does one of the following actions:
sm1252sp1
Session time-outs are set when you configure a realm with the Administrative UI. When a user’s
CA Single Sign-On
session times out, the Web Agent does one of the following actions:
  • Rechallenges the user for credentials
  • Redirects the user to another URL
If a redirect URL is specified, the user is sent to that destination page. If the page is unprotected, the user is granted direct access to that page. If the page is protected, the user is challenged for credentials before being granted access to the page. If no redirection URL has been specified, the Web Agent rechallenges the user for credentials after a session time-out.
You can redirect users whose sessions time out to a URL with a customized web page, which explains why their session has been terminated and how they can reestablish it. For example, you can create a custom web page that displays a message such as, "You have been logged out automatically as a security precaution. Please login again to continue."
If the user is not redirected to another page after a session times out,
CA Single Sign-On
challenges the user again. This may confuse users because they may not understand why they are being asked to reauthenticate.
To redirect users to different URLs after session time-outs
  1. Add the following parameters to your Agent Configuration Object or your local configuration file:
    • IdleTimeoutURL
      Specifies the URL where the Web Agent should redirect the user when the idle time-out for the session occurs.
      IdleTimeoutURL should only be used for non-persistent sessions; it has no effect if configured for persistent sessions.
    • MaxTimeoutURL
      Specifies the URL where the Web Agent should redirect the user when the maximum time-out for the session occurs.
      Default:
       No default
  2. Enter one URL for each of the previous parameters. You can use the same URL for all of the parameters, or you may use different URLs for each.
    If the idle timeout and maximum timeout values for a session (set in the Policy Server) occur at the same time and the IdleTimeoutURL and MaxTimeoutURL parameters are set, the user is redirected to the URL specified in the MaxTimeoutURL parameter when a time-out occurs.