Users asked to authenticate again while session appears to be valid

This document (7007222) is provided subject to the disclaimer at the end of this document.

Environment

Novell Access Manager 3.1 Linux Access Gateway
Novell Access Manager 3.1 Linux Novell Identity Server
Novell Access Manager 3.1 Windows Novell Identity Server

Situation

An Access Manager setup uses a Linux Access Gateway (LAG) to protect back-end Web server resources. Multiple proxy services exist for different back-end Web servers. All users authenticate at the Identity (IDP) Server, executing the same contracts assigned to the LAG protected resources. Timeout per protected resource is enabled, with a contract timeout set to 60 minutes. Authentication and single sign-on to the back-end Web servers work fine.

Some users report that while browsing to certain resources, they are redirected to the IDP login page again. This often occurs after the user has been idle for a period of time (close to the 60 minute timeout but short of it), and if the user has switched applications and hence proxy services. Due to the nature of some of the back-end applications (AJAX based), users would:

- get prompted to authenticate again
- loop with 302 redirects between the LAG and IDP servers (some AJAX clients did not send the LAG session cookie back to the LAG server after a redirect)
- sometimes see 403 errors after reauthenticating (in the case of custom login pages submitting credentials twice with an HTTP POST)

When the user has not been idle for a period of time close to the session timeout, the above symptoms never appear.

Resolution

Apply Access Manager 3.1.2 IR3 (3.1.2-345) or greater.

There was an issue with the update status generated by the timeout per protected resource code, causing the ESP and IDP session timeouts to be out of sync after the user was idle for more than 2/3 of the configured session timeout.
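To check whether reported re-authentication prompts match this pattern, the following added example (not part of the original article and not Novell code) classifies redirects to the IDP by how long the user was idle beforehand. The record format, the IDP URL prefix and the sample records are constructed assumptions, not the LAG's own log format.

```python
from datetime import datetime, timedelta

SESSION_TIMEOUT = timedelta(minutes=60)      # contract timeout from the article
DESYNC_THRESHOLD = SESSION_TIMEOUT * 2 / 3   # "more than 2/3" of the timeout
IDP_PREFIX = "https://idp.example.com/"      # assumed placeholder IDP URL

# Constructed sample records: timestamp user proxy_service status location
SAMPLE_LOG = """\
2010-11-17T09:00:00 alice svc-a 200 -
2010-11-17T09:50:00 alice svc-b 302 https://idp.example.com/login
2010-11-17T09:50:01 alice svc-b 302 https://idp.example.com/login
2010-11-17T09:00:00 bob svc-a 200 -
2010-11-17T10:05:00 bob svc-a 302 https://idp.example.com/login
2010-11-17T09:00:00 carol svc-a 200 -
2010-11-17T09:20:00 carol svc-b 200 -
"""

def classify_reauth(log_text):
    """Return (user, timestamp, label, switched_service) per IDP redirect."""
    last = {}      # user -> (time, proxy service, was it an IDP redirect)
    findings = []
    # ISO timestamps sort lexicographically, so sorting rows orders them by time.
    rows = sorted(l.split() for l in log_text.splitlines() if l.strip())
    for ts_raw, user, service, status, location in rows:
        ts = datetime.fromisoformat(ts_raw)
        to_idp = status == "302" and location.startswith(IDP_PREFIX)
        prev = last.get(user)
        if to_idp:
            if prev is None:
                label = "initial-login"
            elif prev[2]:
                label = "redirect-loop"        # back-to-back IDP redirects
            else:
                idle = ts - prev[0]
                if idle >= SESSION_TIMEOUT:
                    label = "expected-timeout" # session really expired
                elif idle > DESYNC_THRESHOLD:
                    label = "premature-reauth" # idle window from the article
                else:
                    label = "other"
            switched = prev is not None and prev[1] != service
            findings.append((user, ts_raw, label, switched))
        last[user] = (ts, service, to_idp)
    return findings

if __name__ == "__main__":
    for finding in classify_reauth(SAMPLE_LOG):
        print(finding)
```

A cluster of `premature-reauth` findings with a proxy service switch is consistent with the behavior described above; `expected-timeout` entries are ordinary session expiry.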

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID: 7007222
  • Creation Date: 17-NOV-10
  • Modified Date: 26-APR-12
    • NetIQ Access Manager (NAM)
