Sun Java System Identity Server 2004Q2 Administration Guide |
Chapter 39
Session Service AttributesThe Session Service attributes are global and dynamic attributes. The values applied to the global attributes are applied across the Identity Server configuration and are inherited by every configured organization. (They cannot be applied directly to roles or organizations, as the goal of global attributes is to customize the Identity Server application.)
The values applied to the dynamic attributes are applied to either a role or an organization. If the role is assigned to a user or a user is assigned to the organization, these attributes, by default, are inherited by the user. Default session values are set in Service Configuration for all Identity Server registered organizations. These values can be set differently for separate organizations by registering the session service to the specific organization, creating a template and inputting a value other than the default value.
Global AttributesThe global attributes are:
Maximum Number of Search Results
This attribute specifies the maximum number of results returned by a session search. The default value is 120.
Timeout For Search (Seconds)
This attributed defines the maximum amount of time before a session search terminates. The default value is 5 seconds.
Dynamic AttributesThe dynamic attributes are:
Max Session Time (Minutes)
This attribute accepts a value in minutes to express the maximum time before the session expires and the user must reauthenticate to regain access. A value of 1 or higher will be accepted. The default value is 120. (To balance the requirements of security and convenience, consider setting the Max Session Time interval to a higher value and setting the Max Idle Time interval to a relatively low value.) Max Session Time limits the validity of the session. It does not get extended beyond the configured value.
Max Idle Time (Minutes)
This attribute accepts a value (in minutes) equal to the maximum amount of time without activity before a session expires and the user must reauthenticate to regain access. A value of 1 or higher will be accepted. The default value is 30. (To balance the requirements of security and convenience, consider setting the Max Session Time interval to a higher value and setting the Max Idle Time interval to a relatively low value.)
Max Caching Time (Minutes)
This attribute accepts a value (in minutes) equal to the maximum interval before the client contacts Identity Server to refresh cached session information. A value of 0 or higher will be accepted. The default value is 3. It is recommended that the maximum caching time should always be less than the maximum idle time.