KB00023789: How to change or modify session timeout settings in SSO with ADFS.

Component:

SSO

 

Article Description:

When Ephesoft is configured for SSO with ADFS, logged-in users may see frequent session timeouts after leaving the application idle for some time, and are redirected to a distorted page when they try to log in again.

This article describes how to configure the session timeout setting on both the Ephesoft side and the ADFS side so that the session times out only when the token expiration date is reached.

 

Root Cause: The distorted page occurs when IDP authentication fails. Since users face the issue after leaving the system inactive for a certain time, it could be because the IDP token expires at the application end.

 

Steps to Configure the Session Timeout setting when Ephesoft is configured over SSO:

1. Comment out the session-timeout defined in web.xml.

2. In applicationContext-security.xml, add a property maxAuthenticationAge to the bean of class WebSSOProfileConsumerImpl as shown below. The maxAuthenticationAge value (in seconds) determines the maximum session time set for the IDP.

 

3. The default value on the Ephesoft side is 7200 seconds, which can be overridden and matched with the session timeout setting on the ADFS side.

4. To configure the session timeout settings on the ADFS side, please follow the link here.
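
The configuration described in steps 1 to 3, as an added example (not Ephesoft's own file contents). The bean id and the two numeric values are assumptions and are marked as such in the comments.

```xml
<!-- web.xml (step 1): the container session timeout is commented out.
     The value 30 is a constructed placeholder, not Ephesoft's shipped value. -->
<!--
<session-config>
    <session-timeout>30</session-timeout>
</session-config>
-->

<!-- applicationContext-security.xml (steps 2 and 3).
     The bean id is the one used in the Spring Security SAML sample
     configuration and is an assumption; keep the id already present
     in your file and add only the property element. -->
<bean id="webSSOprofileConsumer"
      class="org.springframework.security.saml.websso.WebSSOProfileConsumerImpl">
    <!-- Seconds. If the property is omitted, 7200 applies.
         28800 is a constructed sample; set it to the ADFS-side value. -->
    <property name="maxAuthenticationAge" value="28800"/>
</bean>
```

Spring Security SAML rejects an assertion whose authentication instant is older than maxAuthenticationAge, so a value shorter than the ADFS-side session lifetime rejects ADFS sessions that are still valid. A larger value accepts older IDP authentications, so keep it no higher than the ADFS setting it is meant to match.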