Wednesday, May 6, 2015

Global Session vs User Session

We all know there is a Session tab in the OpenAM Administration console that lists all the current sessions on a particular OpenAM node. The Session table has two columns, "Max Session Time" and "Max Idle Time".



We all know that the Session for every user can be configured globally in Configuration > Global > Session.



Click on Session and scroll all the way down to the Dynamic Attributes section. This is where the Global Session is configured.


Is it possible to configure a different Maximum Session Time and/or Maximum Idle Time on a per-user basis in OpenAM? 

The answer is yes, but we seldom do that, as it is really an operational headache. Some of our customers instead opt for different Session settings on a per-department basis. This is done with custom code in a Post Authentication Processing module, driven by a certain attribute (e.g. departmentCode) in the user's LDAP (or Microsoft AD) entry.

If a customer insists on having different Session settings on a per-user basis, the following is how we go about achieving that.

1) Go to Subjects tab and search for the user


2) We can see that the Session service is currently not assigned to this particular user. This implies the values are inherited from the Global Session settings we discussed earlier.

3) Click on Add



4) Choose Session and click Next.



5) This is where different Session values can be set on a per-user basis. Click on Finish.


6) We are done.



Nice!
