Sun Identity Manager 8.1 Business Administrator's Guide

Security Practices

As an Identity Manager administrator, you can further reduce security risks to your protected accounts and data by following these recommendations, at setup time and after.

At Setup

To reduce security risks during setup:

During Use

To reduce security risks during use:

If your application server is Servlet 2.2-compliant, the Identity Manager installation process sets the HTTP session timeout to a default value of 30 minutes. You can change this value by editing the property. To increase security, set the value lower than the default. Do not set the value higher than 30 minutes.

Procedure: To Change the Session Timeout Value

  1. Edit the web.xml file, which is located in the idm/WEB-INF directory in your application server directory tree.

  2. Change the number value in the following lines:

    <session-config>
      <session-timeout>30</session-timeout>
    </session-config>
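
After editing, the setting can be verified with a script. The following is an added example, not part of the original guide or of Identity Manager: it parses web.xml text and reports whether the session timeout is within the 30-minute ceiling. The function names and sample documents are constructed for illustration. It also flags zero or negative values, which the Servlet specification treats as "sessions never time out".

```python
import sys
import xml.etree.ElementTree as ET

MAX_MINUTES = 30  # ceiling stated in the guide


def local(tag):
    """Drop any XML namespace so DTD-style and namespaced web.xml both match."""
    return tag.rsplit("}", 1)[-1]


def audit_session_timeout(web_xml, max_minutes=MAX_MINUTES):
    """Return (status, detail) for the <session-timeout> value in web.xml content."""
    root = ET.fromstring(web_xml)
    values = [
        (child.text or "").strip()
        for cfg in root.iter() if local(cfg.tag) == "session-config"
        for child in cfg if local(child.tag) == "session-timeout"
    ]
    if not values:
        return ("MISSING", "no <session-timeout>; the container default applies")
    if len(values) > 1:
        return ("AMBIGUOUS", "multiple <session-timeout> elements: %s" % values)
    try:
        minutes = int(values[0])
    except ValueError:
        return ("INVALID", "not an integer: %r" % values[0])
    if minutes <= 0:
        # Servlet specification: zero or negative means sessions never time out.
        return ("NEVER_EXPIRES", "%d disables the idle timeout" % minutes)
    if minutes > max_minutes:
        return ("TOO_HIGH", "%d exceeds the %d-minute ceiling" % (minutes, max_minutes))
    return ("OK", "%d minutes" % minutes)


def sample_web_xml(value, namespace=""):
    """Constructed sample input, not a real Identity Manager web.xml."""
    attr = ' xmlns="%s"' % namespace if namespace else ""
    return ("<web-app%s><session-config><session-timeout>%s</session-timeout>"
            "</session-config></web-app>" % (attr, value))


if __name__ == "__main__":
    if len(sys.argv) > 1:  # e.g. the path to idm/WEB-INF/web.xml
        with open(sys.argv[1], "rb") as fh:
            print(audit_session_timeout(fh.read()))
    else:
        for v in ("30", "15", "60", "0", "-1", "soon"):
            print(v, audit_session_timeout(sample_web_xml(v)))
```

Run it with the path to web.xml as the only argument, or with no arguments to see the result for each constructed sample.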