locked
UAG Timeout/SSO RRS feed

  • Question

  • We have a user who said he connected with an Android tablet to OWA published through our UAG server and hasn't had to re-autenticate even when the 12 hour absolute timeout we have configured on UAG has passed.  We also have a 1 hour idle timeout.  Has anyone else seen this or does anyone have any suggestions?

    I also just heard from a user who opened our portal page today and went directly into the portal homepage without having to login.  It looks like the user logged in the day before to one of our trunks, SSO'd to another trunk, and then logged out.  It almost seems like maybe the SSO cookie never expired.  Any ideas there?

    Thanks,
    Ken

    Thursday, February 24, 2011 5:55 PM

Answers

  • Hi Ken,

    The UAG session expires on both sides - the cookie expires on the client when the logoff is performed, and the session is expired on the UAG itself when it receives the logoff command, or if the timeout expires. The cookie on the client may remain intact if the logoff process is not performed, and the browser is not closed. the timeout functionality should still take care of that, but it's possible that something on the device is keeping the session open, and it's also possible that the user has connected to another user's session. The latter may happen if there's some kind of traffic optimization device done in front of UAG, causing all sessions to appear as if they are coming from the same source. This is pretty rare, but should be ruled out anyway.


    Ben Ari
    Microsoft CSS UAG/IAG Support
    Sammamish, WA
    • Marked as answer by Erez Benari Tuesday, May 17, 2011 12:16 AM
    Tuesday, May 17, 2011 12:16 AM