Users asked to authenticate again while session appears to be valid
This document (7007222) is provided subject to the disclaimer at the end of this document.
Novell Access Manager 3.1 Linux Novell Identity Server
Novell Access Manager 3.1 Windows Novell Identity Server
Some users report that while browsing to certain resources, they are redirected to the IDP login page again. This often occurs after the user has been idle for a period of time (close to the 60 minute timeout but short of it), and if the user has switched applications and hence proxy services. Due to the nature of some of the back end applications (AJAX based), users would
- get prompted to authenticate again
- loop with 302 redirects between the LAG and IDP servers (some AJAX clients did not send the LAG session cookie back to the LAG server after a redirect)
- sometimes see 403 errors after reauthenticating (in the case of custom login pages submiting credentials twice with a HTTP POST)
When the user has not been idle for a period of time close to the session timeout, the above symptoms never appear.
There was an issue with the update status generated by the timeout per protected resource code causing the ESP and IDP session timeouts to be out of sync after the users was idle for more than 2/3rs of the configured session timeou.
This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID:7007222
- Creation Date:17-NOV-10
- Modified Date:26-APR-12
- NetIQAccess Manager (NAM)
Did this document solve your problem? Provide Feedback