Environment
NetIQ Access Manager 3.2
Load balancer set with the same persistence timeout as the IDP session timeout on the protected resource
Users loop when accessing the protected resource close to the IDP session timeout
Situation
Access Manager is set up and working fine. Multiple Identity and Access Gateway servers are fronted by a Cisco load balancer whose persistence timeout is set to 20 minutes. The session timeout defined at the protected resource contract level is also set to 20 minutes, i.e. users will be prompted to authenticate again if they have been idle for more than 20 minutes at the protected resource.
Resolution
Fixed in 3.2.1 IR1a
Additional Information
The X-MAG header looked like the following when the loop occurred:
6D86BFC097C8B9FC;a08603b6;4257158;usrLkup->0;usrBase->0;LocUsr;restricted;Contract-none->0;CheckSB->1 ;Fnd@SBSC;Contract-none->2;FPE->2;