Configuring the Session Timeout


You can configure an expiration period for a Siebel session by setting a session timeout value in both Siebel Business Applications and many Web SSO authentication service providers. The timeout values must be the same for both applications. If you configure a timeout value for your Siebel application that is shorter than the one you configure for your Web SSO authentication service, users can re-establish their Siebel session after it times out without providing login credentials.

The procedures in this topic describe how to configure the session timeout. To make sure that users must re-authenticate after the timeout limit is reached, you must also configure the same timeout value for your Web SSO authentication service. For information on the Siebel SessionTimeout parameter, see About the SessionTimeout Parameter.

Configuring the Session Timeout

To configure the session timeout for your Siebel application and for the Web SSO authentication service, perform the steps in the following procedure.

To configure the session timeout

  1. To configure the session timeout for the Siebel application:
    1. Navigate to the eapps.cfg file located in the SWSE_ROOT\BIN directory.
    2. Set the value of the SessionTimeout parameter as required.
    3. Restart the Siebel Web server.
  2. To configure the session timeout for the Web SSO authentication service, follow your Web SSO vendor's procedure for setting session timeout values. Specify the following values:
    1. Change the value of the Maximum user session time (seconds) field.

      Set this value to be just longer than the session timeout value you specified for the Siebel application.

    2. Change the value of the Idle session time (seconds) field.

      Set this value to be the same as the value you set for the Siebel application.
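
The following check compares the SessionTimeout values in eapps.cfg with the idle and maximum session times set in the Web SSO service. It is an added example, not Oracle code. It assumes that SessionTimeout is expressed in seconds, that application sections begin with "/" and inherit from [defaults], and that the two Web SSO values are supplied by hand; the sample file content and the finding names are constructed.

```python
import configparser

# Constructed eapps.cfg fragment for illustration (not from a real deployment).
SAMPLE_EAPPS_CFG = """\
[defaults]
SessionTimeout = 900
GuestSessionTimeout = 300

[/callcenter_enu]
ConnectString = placeholder

[/sales_enu]
SessionTimeout = 600
"""

def siebel_timeouts(cfg_text):
    """Map each section to its effective SessionTimeout (seconds)."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(cfg_text)
    # Assumption: application sections start with "/" and inherit [defaults].
    default = cp.get("defaults", "SessionTimeout", fallback=None)
    result = {}
    for section in cp.sections():
        if section != "defaults" and not section.startswith("/"):
            continue
        value = cp.get(section, "SessionTimeout", fallback=default)
        if value is not None:
            result[section] = int(value)
    return result

def audit(cfg_text, sso_idle, sso_max):
    """Return (section, finding) pairs where the two timeouts disagree."""
    findings = []
    for section, timeout in sorted(siebel_timeouts(cfg_text).items()):
        if timeout < sso_idle:
            # Siebel expires first; the live SSO session re-opens it silently.
            findings.append((section, "siebel-shorter-than-sso-idle"))
        elif timeout > sso_idle:
            findings.append((section, "idle-timeout-mismatch"))
        if sso_max <= timeout:
            # The maximum session time should be just longer than SessionTimeout.
            findings.append((section, "sso-max-not-longer"))
    return findings

if __name__ == "__main__":
    for section, finding in audit(SAMPLE_EAPPS_CFG, sso_idle=900, sso_max=960):
        print(f"{section}: {finding}")
```

An empty result means every section matches the idle session time and sits below the maximum user session time.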

Testing the Web Single Sign-On Session Timeout Configuration

After configuring the session timeout values for your Siebel application and Web SSO authentication service, verify that the session timeout values work correctly by performing the steps in the following procedure.

To test the Web SSO session timeout configuration

  1. Configure the Web SSO session timeout to be five minutes and restart the Web servers.
  2. Open a Web browser and access the Web server's main page (http://hostname).

    The main page is displayed; user authentication should not be required.

  3. Access the Siebel URL for the Web server from the same browser used in Step 2.

    Basic authentication should be required.

  4. Enter valid Siebel user credentials.

    The Siebel application should be displayed.

  5. Leave the browser window open and idle for more than five minutes.
  6. Refresh the browser window using the Refresh button.

    You should be prompted to enter user credentials.

  7. Enter valid Siebel user credentials.

    The Siebel application should be displayed.

  8. Repeat Step 2 to Step 5 for the Web server you have implemented.
Siebel Security Guide Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Legal Notices.