Redirect a User after a Session Time-out
Session time-outs are set when you configure a realm with the Administrative UI. When a user’s session times out, the Web Agent does one of the following actions:
Session time-outs are set when you configure a realm with the Administrative UI. When a user’s
CA Single Sign-Onsession times out, the Web Agent does one of the following actions:
- Rechallenges the user for credentials
- Redirects the user to another URL
If a redirect URL is specified, the user is sent to that destination page. If the page is unprotected, the user is granted direct access to that page. If the page is protected, the user is challenged for credentials before being granted access to the page. If no redirection URL has been specified, the Web Agent rechallenges the user for credentials after a session time-out.
You can redirect users whose sessions time out to a URL with a customized web page, which explains why their session has been terminated and how they can reestablish it. For example, you can create a custom web page that displays a message such as, "You have been logged out automatically as a security precaution. Please login again to continue."
If the user is not redirected to another page after a session times out,
CA Single Sign-Onchallenges the user again. This may confuse users because they may not understand why they are being asked to reauthenticate.
To redirect users to different URLs after session time-outs
- Add the following parameters to your Agent Configuration Object or your local configuration file:
- IdleTimeoutURLSpecifies the URL where the Web Agent should redirect the user when the idle time-out for the session occurs.IdleTimeoutURL should only be used for non-persistent sessions; it has no effect if configured for persistent sessions.
- MaxTimeoutURLSpecifies the URL where the Web Agent should redirect the user when the maximum time-out for the session occurs.Default:No default
- Enter one URL for each of the previous parameters. You can use the same URL for all of the parameters, or you may use different URLs for each.If the idle timeout and maximum timeout values for a session (set in the Policy Server) occur at the same time and the IdleTimeoutURL and MaxTimeoutURL parameters are set, the user is redirected to the URL specified in the MaxTimeoutURL parameter when a time-out occurs.