SSO Partner Application and Session Time out

Similar Messages

• Form based login, iframes and session time out

  Hi all,
  I'm trying to create a site using form based login.
  The site contains a page protected page, default.jsp that have a logout button/link (clicking it invalidates the session), and a navigation bar with links linking opening them in iframes inside the default.jsp page:
  I have also a login.jsp page and and a error.jsp page
  Everything works fine I can login, I can logout. My problem occurs when the session times out and the user tries to access protected contents in the internal frames. He then is promted for a new login. The problem is that the login,jsp page now turns up inside the jframe designatet for my contents.
  I woud have liked the login page to turn up at the top level i.e. filling the entire browser window (i.e on the same level as the default.jsp page). Is this somehow possible?
  Regards
  Uno Engborg

  Easy answer: use JS to jump out iframe.
  Best answer: don't use iframes, but use server side includes like jsp:include. Iframes have too much disadvangages, topping the extremely bad SEO and UX.

• HFM Web Sever Configuration--Keep Alive and Session Time Out Optimal Config

  We recently implemented an HFM 9.3.1 environment. We are using Windows 2003 Enterprise SP2 servers with IIS6. We have two HFM Web servers connecting to an application cluster with two application servers in the cluster. We were getting some errors when trying to unlock HFM cells in Workspace, but we were able to perform the functions fine on the application using the WIN32 client.
  I opened a ticket with support and they recommended modifying the subcontext.properties file located in %HYPERION_HOME%\deployments\WebLogic9\servers\Workspace\webapps\workspace\conf. They recommended changing the following settings:
  #KeepAliveInterval=30
  #SessionTimeout=60
  From what I understand, these settings are for the communication between the HFM Web Servers and the application cluster servers. I'm wondering how changing these settings may affect our environment. Are there negative effects and/or trade-offs for changing these settings? Is there a recommended threshold or maximum value?

  Hi Dinesh,
  This cannot be achieved without development enhancements to some standard SAP framework component, to introduce a "keep-alive" concept. If you are using a CMS for CTI or email integration, you need to ensure it supports keeping the communications session alive also.
  Sincerely,
  Glenn
  Glenn Abel
  Covington Creative
  www.covingtoncreative.com

• Session Time out - Relogin not redirecting

  Hi,
  If I am in a particular page of an application, and session times out, I get Page Expired window. On click of that, it takes me to login page. After I relogin, it is NOT redirecting me to the page where the time out happened. It just redirects to the Application Main page. Is there a way to let ADF redirect to the page where time out happened?
  Thanks,

  Hi Aluvala,
  Based on the current description, I understand that you would like to change the error message to custom message. The issue relates to Render Extension. Currently, the behavior which changes the error message to custom message is not supported. Therefore,
  I would suggest you submitting a wish at
  https://connect.microsoft.com/sql. Connect site is a connection point between you and Microsoft, and ultimately the larger community. Your feedback enables Microsoft to make software and services the best that they can be, and you can learn about and contribute
  to exciting projects.
  If you still want to make custom render message, you can try to create custom render extension while it is not easy.
  Hope this helps.
  Regards,
  Heidi Duan
  Heidi Duan
  TechNet Community Support

• SSO - session time out while navigating across applications

  Hi,
  Problem statement
  Handling session time out while navigating across applications involving SSO
  Current approach
  Application 1
  1. Create session1.
  2. URL rewrite the sesssion ID1 into the link refering to App2.
  Application 2
  1. Create session2
  2. Get the session Id of App1.
  3. send the session ID of App1 in the header
  4. Invalidate the session2
  Application 1
  Get the ID from request and invoke getSession.
  I'm having a very large session timeout at App1.
  Is there a better approach. Ex: Having global session which is shared across multiple
  webapplications.

  "madhav" <[email protected]> wrote:
  >
  Hi,
  Problem statement
  Handling session time out while navigating across applications involving
  SSO
  Current approach
  Application 1
  1. Create session1.
  2. URL rewrite the sesssion ID1 into the link refering to App2.
  Application 2
  1. Create session2
  2. Get the session Id of App1.
  3. send the session ID of App1 in the header
  4. Invalidate the session2
  Application 1
  Get the ID from request and invoke getSession.
  I'm having a very large session timeout at App1.
  Is there a better approach. Ex: Having global session which is shared
  across multiple
  webapplications.
  I have similiar problems in my system. What do you do if the session 1 times out
  during ongoing operations in App 2 ?
  Thanks
  Kejuan

• BC4J, Auditing, Partner Application and SSO

  I am trying to figure out how to set up a BC4J-JSP app to use "database audit trail in entity objects" within a Portal/SSO environment.
  Here is the situation;
  Part 1:
  I am able to partially get the auditing to work on a BC4J App Module in the tester by setting the appropriate history columns in the Entity Object and then setting the jbo.security.enforce property to "Test". Upon entering the tester I am challenged for a "username/password". At this point I can enter any credentials, I can then enter some data. Visually checking the database I find that the history "date" columns (date_created) are ok but the "user" columns (created_by) are not filled in.
  Part 2:
  Now if I set jbo.security.enforce property to "Test". I am not sure what user credential to enter here. I have looked at OID Manager for some clues for what username/password but I'm not sure if this is even in the ballpark.
  Part 3:
  At some point I will deploy this app as an SSO/Partner Application which will be accessed from a Portal page. Since authentication is handled by the SSO login page, I am confused about setting up the "database audit trail in entity objects" (from Part 1) as it talks about creating * another * login page. This seems contradictory so Long postings are being truncated to ~1 kB at this time.

  Part 1:
  When setting jbo.security.enforce property to "Test", BC4J does not throw exception if credential is invalid. You should set it to "Must" if you really want to validate the credential. The "Test" setting does perform the authentication, a warning stating authentication fail is in the diagnostic output if the username/password is invalid. The "Test" setting is just to exercise the authentication but if it fail it does not stop the rest of the application. The "user" column (created_by) does not get fill could be cause by failed authentication or if the column is marked as Refresh on Update or Refresh on Insert, or if the client app insert null or zero length string into it.
  Part 2:
  BC4J default authentication uses the LoginModule from Oracle9iAS JAAS (in j2ee\home\jazn.jar). This LoginModule by default configure to use the lightweight jazn-xml. You can check this by looking "<jazn provider=..." in the j2ee\home\config\jazn.xml. If you are interested in using OID, you need to change it to <jazn provider="LDAP" location="ldap://myoid.us.oracle.com:389" />, "myoid.us.oracle.com:389" should be host address and port of your OID. There are a few predefined users in the lightweight jazn-xml if you wish to test it, there are admin/Long postings are being truncated to ~1 kB at this time.

• Session Time Out capturing for legacy application running in portal

  Hi Forums,
  I am using portal URL  iView to connect to legacy application. How to capture the session time of of that legacy application and show it in the portal. In portal I have already handled session time out which shows a javascript popup message. I want to call the same piece of code once session time out happens in the legacy application which is been accessed by portal through URL iview.
  Many Thanks and Best Regards
  Sudhir

  Hi Sudhir,
  The handling of the session timeout should be done by the application itself not the portal. From the portal you have no way of working out what the application is doing. My suggestion to you is that you need to modify the application to handle the scenario you describe not the portal.
  BRgds,
  Simon

• Session time out when working in application level

  Hi
  We are upgraded our PROD environment from 11.5.10.2 to R12.1.3
  When end user working at application level then it is throughing the session time out error, end user is not idle state he active and working on application level
  I have checked the profile ICX:Session Timeout it is 30
  Thanks
  Shaik

  Hi;
  Please see:
  ICX:SESSION TIME OUT
  Re: Inccreasing the timeout  parameter for the Oracle R12 session
  Also see:
  How AutoConfig sets ICX: Session Timeout [ID 307149.1]
  How To Manage Timeout at Responsibility Level [ID 412224.1]
  Regard
  Helios

• Session time out in ADF 11g application.

  Hi,
  I am working for the ST BPO Project. We have one ADF application that is migrated from 10g to 11g.And our application is deployed on the weblogic server.
  we are facing some session time out issues in the application which is intermittent and whenever we leave the web page for some times, the session get timed out and page gets errored out.
  We have set the session time out parameter in web.xml as well as for AM.
  Session Management:
  Following are the parameters which we have set already.
  1.     Web.xml
  We have put the following session time out in web.xml:
  <session-config>
  <session-timeout>180</session-timeout>
  </session-config>
  2.     bc4j.xcfg
  We have set the timetolive property of AM as:
  <AM-Pooling jbo.ampool.timetolive="10000000" jbo.pooltimetolive="10000000"/>
  3.     Also for the DB we have set the session time out to 180 mins.
  But if we leave the page for say some times around 5-10 min, the session of the page expires and it throws error.
  Also, as per our investigation : After some times the view id of the page gets expired and hence the issue comes. Also the behaviour is only on the weblogic server and we don't face any issues in the local set up.
  Kindly help us in solving this problem. Also let me know if any further details is required.
  Thanks
  Namit.

  Hi,
  suggest you also contact customer support on this issue. The version of your JDeveloper 11g release may matter as well
  Frank

• Session time out in a web application

  Hi,
  I am making a struts based web application. For session time out validation I have made an entry in the web.xml file as <session-config>
            <session-timeout>1</session-timeout>
       </session-config>
  In case the user's session time out occurs then he should be directed back to the log in page.
  Can any one tell me how to proceed in this case and what are the best practices.
  thanks

  Hi
  I've tested it with OC4J and it works both ways.
  I do think that you must have the
  <session-config> tag present though for the setMax... method to
  work, observe that this method is for seconds and not millisecond
  regards
  //Mike
  Hi all,
  I try to manage by my application the http session time-out.
  Change it in a web.xml works fine , but if in my servlet i try
  to change it using setMaxInactiveInterval(MILLISECOND) the result
  is that the session became invalidate after few seconds instead
  50 minutes ad example ....
  Answer ????
  thks
  Carlo Mossa

• Session time out in Websphere Application Server

  Hi ,
  I am using Websphere Application server 5.1 . I need to set the session time out for my web application. Actually, i edited the web.xml and set the value
  <session-config>
            <session-timeout>10</session-timeout>
       </session-config>But when I am refreshing my jsp page, after 10-15 mts, i am able to get a valid page without any problem. Actually since the session time out is 10 mts , I should not get a valid page after 10 mts . I tried one more option for setting the session time out . I opened the admin console of my App server and set the session time out there too. But session not seems to be timing out after 10-15 mts. I am still able to get a valid jsp page. I have many session attributes in that page. So after 10 mts, i should not get a valid page.. I dont know, what's wrong in my configuration. If some body knows the answer please help me.
  thanks in advance.
  Aneesh K

  So what you're trying to achieve is that the ui closes or becomes invalid if no action has been performed for a certain time? That should be easy enough, install a javax.swing.Timer somewhere in your application and set it to the time you desire. Whenever the user performs an action, invoke reset() on the timer (it's a fairly cheap operation). If the timer fires, you know the timeout occured.
  You have to decide for yourself what you consider a 'user action' in this context. If you want the session to stay alive as long as the user is still doing something, just install an AWTEventListener, which can react to pretty much anything, mouse movement, keyboard input etc.

• Session time out in Application server -reg

  hi friends
  We have Oracle Application server 10g in cluster mode in our organization. We are using Oracle Forms and Reports . But there is one issue. If the user keeps the screen idle for more than 20 min the system gets timed out and requires sdba authentication . We actually increased the time out value. But we could not able to remove sdba authentication. Our aim is to remove authentication after session time out. It is ok even if the application completely closes and comes out of the screen. But the user must not be asked to enter sdba credentials after system is idle for the time out period.
  M.C.Jayanarayan

  Hi,
  you posted this question to the JDeveloper forum, where it may be better posted to the application server forum or the Forms forum
  Frank

• Session time-out and password security

  Hi,
  I have a webservice utility, deployed on several platforms (as an EAR on weblogic and webspere, as a WAR on tomcat), they all exhibit the same feature: on first connection, a username/password box pops up, but after the session times out (after 20 minutes or so of inactivity) and the it receives a new page request, instead of re-asking for the username/password, the app just jumps back to its own start page, and then continues without asking.
  How can I make it to pop-up the username/password box again?
  The security is implemented through the web.xml file:
  <security-constraint>
      <web-resource-collection>
        <web-resource-name>Success</web-resource-name>
        <url-pattern>/Logparser</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
      </web-resource-collection>
      <auth-constraint>
        <role-name>webuser</role-name>
      </auth-constraint>
    </security-constraint>
    <login-config>
      <auth-method>BASIC</auth-method>
      <realm-name>default</realm-name>
    </login-config>
    <security-role>
      <role-name>webuser</role-name>
    </security-role>I found that this in itself was not good enough security as you would be able to go directly to one of the sub-pages (if you know the url), and to prevent that I pass (and check) the session-id with each page request.
  (all java servlets).
  Obviously something is missing, but I don't know what
  thanks
  Michael

  Hi Michael,
  Your web application is currently configured to use BASIC authentication.
  Instead if you use FORM-based authentication, then any new request (after your web application session times out) will be redirected to the login page. The Servlet specification has more information about FORM-based login.
  If you have a Sun ONE Web Server 6.1 or a Sun Java System Web Server 7.0 installation you can find a sample that uses form-login in the following directory
  6.1: <install-directory>/plugins/java/samples/webapps/security/form-auth
  7.0: <install-directory>/samples/java/webapps/security/form-auth

• Application session time out

  Hello
  i have an application deployed on weblogic 11. after 30mins the application session times out.
  1.how can increase this time.
  2. can this be done in weblogic since on the application side there is no configuration for the time out.
  please assist me
  Thanks

  Hello;
  On middleware the default should be 3600 seconds.
  To change :
  Login to the WebLogic Administration Console
  Under domain structure click Deployments
  Click on the "em" Enterprise Application
  Click on the Configuration Tab
  Set "Session Timeout (in seconds):" to 7200 ( or whatever you want )
  Hit the Save button to save your changes in the deployment plan
  I would make sure an idle timeout in not set in the database profile as well.
  Best Regards
  mseberg
  Also worth a look :
  How to Troubleshoot Oracle Fusion Middleware 11g OPMN Issues? [ID 1303000.1]
  Edited by: mseberg on Oct 28, 2011 12:41 PM

• Session Time out  and session_timeout.jsp

  We have Sun Java Identity Server 2005 Q1 installed as part of our Sun Java System Portal Server 2005 Q1 install.
  When the authentication session times out, it redirects the user back to the login page. I remember that in 6.2 it used to show up the session_timeout.jsp page? Is there any way to make it work that way in Q1 2005 ?

  To be more specific, find your top level desktop display profile (marked as Default Channel Name) container name. Then go to Portal desktop type (default, or sampleportal, or...) with above container directory. (ex: /etc/opt/SUNSWps/desktop/default/JSPTabContainer) Modify header.jsp and/or menubar.jsp (something ...?action=logout with goto=http:///.....) HTH, Jerry