Forum Discussion
APM Session timeout splash
Hi All,
We are using APM as oauth client to provide SSO for applications hosted behind LTM, the problem we are facing now F5 is not automatically providing any sign about session timeout, user has to refresh the screen to get the authentication page again
is there anyway to implement the timeout splash same as above for max session timeout ? any hit will be appreciated
- Lucas_ThompsonEmployee
APM does offer the ability to inject a timeout pop-up into a 3rd party web app, but this feature is part of Portal Access Rewrite, which we don't recommend using for most web apps due to compatibility problems with obfuscated and minified modern web app frameworks.
Because APM can't really "inject pop-up screens" into 3rd party web apps with reasonable reliability, how would you like the system to behave? We have full control over all HTTP requests and responses, so we can redirect users or modify the APM "Your session is timed out" screen.
- sinumAltostratus
There are couple of issues i want to cover. now we are using siteminder and all of these use-case are covered but we have problem when we switch to APM.
APM mode: as oauth client
- Application must redirect to login page after inactivity timeout. after apm integration need a browser refresh from user to redirect back to login page.
- Timeout message or auto refresh for SSO login page, now sso login page is not refreshing or updating if the page is idle, this behavior leads to failed response from APM
Thanks for your response and support
- Lucas_ThompsonEmployee
Great, thanks for the additional detail.
For both of these, do you know how they operate in your current Siteminder deployment? Does the Siteminder inject javascript timeout warnings or somehow cause the app to refresh or update? Does the app hold a different configuration that causes the redirect? Web apps have various mechanisms to do these kinds of functions, unfortunately there is no "standard way" to do it, so each web app is unique.
- sinumAltostratus
Lucas_Thompson as per our admin siteminder policy server maintain the session based on the activity time timeout will trigger based on last activity time
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com