Users looping between protected resources and IDP server when session timed out at load balancer

  • 7011567
  • 02-Jan-2013
  • 18-Sep-2013

Environment

NetIQ Access Manager 3.2
Load balancer set with the same persistence timeout as the IDP session timeout on the protected resource
Users loop when accessing a protected resource close to the IDP session timeout

Situation

Access Manager is set up and working fine. Multiple Identity and Access Gateway servers are fronted by a Cisco load balancer whose persistence timeout is set to 20 minutes. The session timeout defined at the protected resource contract level is also set to 20 minutes, i.e., users are prompted to authenticate again if they have been idle for more than 20 minutes at the protected resource.

Resolution

Fixed in 3.2.1 IR1a

Additional Information

The X-MAG header looked like the following when the loop occurred:

6D86BFC097C8B9FC;a08603b6;4257158;usrLkup->0;usrBase->0;LocUsr;restricted;Contract-none->0;CheckSB->1 ;Fnd@SBSC;Contract-none->2;FPE->2;