Idle Session Timeout is the period (in minutes, for Oracle Single Sign-On Server) after which a user has to log in again if they have been inactive (no activity / idle) for that long. It is recommended to set an Idle Session Timeout (Global Inactivity Timeout) for security reasons. By default no value is set for Idle Session Timeout on Oracle Single Sign-On Server, which means any application (such as Portal, Discoverer, BI, Forms & Reports) using Oracle Single Sign-On for authentication will NOT log out a user session because of inactivity (this can be a security risk).
The default session timeout for Oracle E-Business Suite 11i/R12 is 30 minutes. To know more about idle session timeout in Oracle Apps 11i, R12, check my previous post at Idle Session in Oracle Apps R12, 11i.
Default Session Timeout for Apps 11i/R12 integrated with Single Sign-On Server
——————————————————————————–
For Oracle E-Business Suite (Apps 11i/R12) customers integrated with Oracle Single Sign-On, the default session timeout for E-Business Suite 11i/R12 is 30 minutes, whereas no value is set for SSO. This means that if an Apps user tries to access Apps after 30 minutes of inactivity, the user gets a warning that the session has timed out and is prompted to re-login. This takes the user to a new window, and the user can re-login to Apps without actually typing a user name and password.
The reason behind this security loophole is that the user is logged out from Apps 11i/R12 after 30 minutes of inactivity, but the user's cookie is still valid on SSO (as no idle session timeout is set on the SSO Server), so the user can re-login to Apps without entering a password because the SSO server still authenticates them.
How to avoid this situation?
Make the Idle Session Timeout for the Oracle SSO server in line with Apps 11i/R12.
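The interaction described above, as an added Python model that is not part of the original post and is not Oracle code. It assumes both tiers measure idle time from the same last user activity, and the names `Timeouts`, `outcome_after_idle` and `unprotected_window` are illustrative. It also covers an SSO timeout set longer than the Apps timeout, which still leaves a window.

```python
"""Simplified model of the Apps / SSO idle-timeout interaction.

Assumption: both tiers measure idle time from the same last user activity.
All names here are illustrative, not Oracle APIs.
"""
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Timeouts:
    apps_idle_min: int            # E-Business Suite idle timeout (default 30)
    sso_idle_min: Optional[int]   # SSO inactivity timeout; None = not set


def outcome_after_idle(cfg: Timeouts, idle_min: int) -> str:
    """What an idle user experiences on the next request to Apps."""
    if idle_min < cfg.apps_idle_min:
        return "apps session still valid"
    # Apps session has expired: the user is sent back to the SSO server.
    sso_valid = cfg.sso_idle_min is None or idle_min < cfg.sso_idle_min
    if sso_valid:
        # SSO cookie is still accepted, so Apps gets a new session silently.
        return "re-login WITHOUT password"
    return "password prompt"


def unprotected_window(cfg: Timeouts) -> Optional[Tuple[int, Optional[int]]]:
    """Idle-minute range (start, end) in which re-login needs no password.

    end is None when the window never closes; the result is None when
    the SSO timeout is in line with (or shorter than) the Apps timeout.
    """
    if cfg.sso_idle_min is None:
        return (cfg.apps_idle_min, None)
    if cfg.sso_idle_min > cfg.apps_idle_min:
        return (cfg.apps_idle_min, cfg.sso_idle_min)
    return None


if __name__ == "__main__":
    # Constructed configurations: SSO unset, SSO too long, SSO aligned.
    for cfg in (Timeouts(30, None), Timeouts(30, 60), Timeouts(30, 30)):
        print(cfg, "| idle 45 min ->", outcome_after_idle(cfg, 45),
              "| window:", unprotected_window(cfg))
```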
How to set Session Time out or Global Inactivity Timeout for Oracle Single Sign-On Server
—————————————————————————————–
1. Execute ssogito.sql from $ORACLE_HOME/sso/admin/plsql/sso (on the SSO tier) as the orasso schema
2. There are a few more steps on the SSO server, which you can find in the link below
Oracle Documentation
———————————
Configuring the Global User Inactivity Timeout at Global Inactivity Timeout in Oracle SSO Server
Related Docs
357687.1 - How to Verify if mod_osso Global Inactivity Timeout (GITO) is Working
301894.1 - What is the difference between the SSO session duration timeout and the global inactivity timeout values
340708.1 - Global Inactivity TimeOut (GITO) does not work
561224.1 - Where In The Metadata Repository Database Is The GITO Cookie Name Stored?
445336.1 - SSO Global Inactivity Timeout Is Not Protecting the Customize Link
418385.1 - Intermittent 500 Internal Server Error accessing Production with SSO GIT set on Test system
1 user commented in " Session Timeout for Oracle Single Sign-On Server "
Hello All,
We are facing a problem where the customer is getting the Oracle timeout screen after 30 minutes. They have a gatekeeper screen for which they have a login other than Oracle FND users, so once a person is logged in through gatekeeper, they are able to access the applications, but if a timeout happens, it navigates to the Oracle standard logout screen. They don't have Oracle FND users, so they want the gatekeeper screen to come up so that they can log in again.
Proposed solution: they want an alert message to come up on the Oracle timeout screen, by which they can go to the gatekeeper screen.
Can anyone please suggest how to implement this? I am very new to OAF, so I don't know anything about it.
Any help will be highly appreciated.
Thanks & regards,
Amit Garg