Forum Discussion

sinum's avatar
sinum
Icon for Altostratus rankAltostratus
Aug 15, 2024

APM Session timeout splash

Hi All,

We are using APM as oauth client to provide SSO for applications hosted behind LTM, the problem we are facing now F5 is not automatically providing any sign about session timeout, user has to refresh the screen to get the authentication page again   

is there anyway to implement the timeout splash same as above for max session timeout ? any hit will be appreciated 

APM
LTM
sso apm
  • sinum's avatar
    sinum
    Icon for Altostratus rankAltostratus
    Aug 21, 2024

    Lucas_Thompson

    There are couple of issues i want to cover. now we are using siteminder and all of these use-case are covered but we have problem when we switch to APM.

    APM mode: as oauth client

    1. Application must redirect to login page after inactivity timeout. after apm integration need a browser refresh from user to redirect back to login page. 
    2. Timeout message or auto refresh for SSO login page, now sso login page is not refreshing or updating if the page is idle, this behavior leads to failed response from APM

    Thanks for your response and support

    • Lucas_Thompson's avatar
      Lucas_Thompson
      Icon for Employee rankEmployee
      Aug 21, 2024

      Great, thanks for the additional detail.

      For both of these, do you know how they operate in your current Siteminder deployment? Does the Siteminder inject javascript timeout warnings or somehow cause the app to refresh or update? Does the app hold a different configuration that causes the redirect? Web apps have various mechanisms to do these kinds of functions, unfortunately there is no "standard way" to do it, so each web app is unique.

       

      • sinum's avatar
        sinum
        Icon for Altostratus rankAltostratus
        Aug 22, 2024

        Lucas_Thompson  as per our admin siteminder policy server maintain the session based on the activity time timeout will trigger based on last activity time

         

  • Lucas_Thompson's avatar
    Lucas_Thompson
    Icon for Employee rankEmployee
    Aug 20, 2024

    APM does offer the ability to inject a timeout pop-up into a 3rd party web app, but this feature is part of Portal Access Rewrite, which we don't recommend using for most web apps due to compatibility problems with obfuscated and minified modern web app frameworks.

     

    Because APM can't really "inject pop-up screens" into 3rd party web apps with reasonable reliability, how would you like the system to behave? We have full control over all HTTP requests and responses, so we can redirect users or modify the APM "Your session is timed out" screen.