Web Portal timeout duration vs RSTS authentication

My question concerns to Web portal session timeout.

In my use-case I had to setup a timeout session to 15 minutes.

I've followed this guideline https://support.oneidentity.com/identity-manager/kb/213794/how-to-increase-the-web-portal-timeout-duration which worked like a charm.

Then the use-case has been changed so I had to change authentication method to "OAuth 2.0/OpenID Connect (role based)". Note that I am using Redistributable Secure Token Server (RSTS) as OpenID Provider.

Since that change the session timeout doesn't work.

Can you please advise how to fix that?

0 Hanno Bunjes over 3 years ago

Hi,

The guideline applies to OAuth/RSTS authentication as well. What exactly is not working?
Cancel
Up 0 Down

Reply

Verify Answer

Cancel
0 kamil brzakala over 3 years ago in reply to Hanno Bunjes

Hi Hanno

While being authenticated by OAuth I left the session opened on last Friday afternoon and that session kept me logged in Webportal until Monday.

I expected the session to be logged out after 15 minutes.
Cancel
Up 0 Down

Reply

Verify Answer

Cancel
0 Hanno Bunjes over 3 years ago in reply to kamil brzakala

Hi,

Once you have logged in, and you have an open browser window, the session is kept alive and the session timeout does not kick in.

The lifetime of the Oauth tokens can be configured in the RSTS admin page:

https://<servername>/RSTS/Admin/Settings/General
Cancel
Up 0 Down

Reply

Verify Answer

Cancel
0 kamil brzakala over 3 years ago in reply to Hanno Bunjes

Hi,

In my environment there is no such "RSTS/Admin/Settings/General" url available

I have only these:

https://<servername>/RSTS/Admin/Settings/IssuerName

https://<servername>/RSTS/Admin/Settings/Password

https://<servername>/RSTS/Admin/Settings/LoginPageImages

https://<servername>/RSTS/Admin/Settings/Ports
Cancel
Up 0 Down

Reply

Verify Answer

Cancel

Endpoint Privilege Management

Web Portal timeout duration vs RSTS authentication