Idle Session Timeout is the value (in minutes for Oracle Single Sign-On Server) after which users have to log in again if they were inactive (no activity / idle) during that time. It is recommended to set an idle session timeout (Global Inactivity Timeout) for security reasons. By default no value is set for Idle Session Timeout on Oracle Single Sign-On Server, which means any application (such as Portal, Discoverer, BI, Forms & Reports) using Oracle Single Sign-On for authentication will NOT log out a user session because of inactivity (this can be a security risk).
The default session timeout for Oracle E-Business Suite 11i/R12 is 30 minutes. To know more about idle session timeout in Oracle Apps 11i/R12, check my previous post, Idle Session in Oracle Apps R12, 11i.
Default Session Timeout for Apps 11i/R12 integrated with Single Sign-On Server
——————————————————————————–
For Oracle E-Business Suite (Apps 11i/R12) customers integrated with Oracle Single Sign-On, the default session timeout for E-Business Suite 11i/R12 is 30 minutes, whereas no value is set for SSO. This means that if an Apps user tries to access Apps after 30 minutes of inactivity, the user gets a warning that the session has timed out and is prompted to re-login. This takes the user to a new window, where the user can re-login to Apps without actually typing a user name and password.
The reason behind this security loophole is that the user was logged out from Apps 11i/R12 after 30 minutes of inactivity, but the user's cookie is still valid on SSO (as no idle session timeout is set on the SSO Server), so the user can re-login to Apps without entering a password because the session is still authenticated by the SSO server.
How to avoid this situation?
Make the idle session timeout for the Oracle SSO server in line with Apps 11i/R12.
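The mismatch described above can be replayed as a small model. This is an added example, not code from the original post or from Oracle: `Tier`, `replay` and `count_silent` are hypothetical names, the request times are constructed, and the model assumes every request refreshes both idle timers.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Tier:
    """One session layer. idle_timeout is in minutes; None means no idle timeout."""
    idle_timeout: Optional[int]
    last_seen: Optional[int] = None  # minute of last activity, None = no session yet

    def alive(self, now: int) -> bool:
        if self.last_seen is None:
            return False
        return self.idle_timeout is None or now - self.last_seen <= self.idle_timeout


def replay(activity, app_timeout=30, sso_timeout=None):
    """Replay request times (minutes) and report how each request is authenticated."""
    app, sso = Tier(app_timeout), Tier(sso_timeout)
    outcomes = []
    for now in activity:
        if app.alive(now):
            outcome = "app session valid"
        elif sso.alive(now):
            # Apps session expired, but the SSO cookie still vouches for the user.
            outcome = "silent re-login via SSO"
        else:
            outcome = "password required"
        # Assumption of this model: any request refreshes both idle timers.
        app.last_seen = sso.last_seen = now
        outcomes.append((now, outcome))
    return outcomes


def count_silent(outcomes):
    """Number of requests that got back in without a password prompt."""
    return sum(1 for _, o in outcomes if o == "silent re-login via SSO")


if __name__ == "__main__":
    requests = [0, 10, 55, 60]  # constructed: 45 idle minutes between 10 and 55
    for label, sso in (("SSO timeout unset", None), ("SSO timeout 30", 30)):
        print(label)
        for minute, outcome in replay(requests, sso_timeout=sso):
            print(f"  t={minute:>3} min  {outcome}")
```
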
How to set Session Time out or Global Inactivity Timeout for Oracle Single Sign-On Server
—————————————————————————————–
1. Execute ssogito.sql from $ORACLE_HOME/sso/admin/plsql/sso (on the SSO tier) as the orasso schema.
2. There are a few more steps on the SSO server, which you can find in the link below.
Oracle Documentation
———————————
Configuring the Global User Inactivity Timeout at Global Inactivity Timeout in Oracle SSO Server
Related Docs
357687.1 - How to Verify if mod_osso Global Inactivity Timeout (GITO) is Working
301894.1 - What is the difference between the SSO session duration timeout and the global inactivity timeout values
340708.1 - Global Inactivity TimeOut (GITO) does not work
561224.1 - Where In The Metadata Repository Database Is The GITO Cookie Name Stored?
445336.1 - SSO Global Inactivity Timeout Is Not Protecting the Customize Link
418385.1 - Interminent 500 Internal Server Error accessing Production with SSO GIT set on Test system
3 users commented in " Session Timeout for Oracle Single Sign-On Server "
Hello All,
We are facing a problem where the customer is getting the Oracle timeout screen after 30 minutes. They have a gatekeeper screen for which they have a login other than Oracle FND users, so once a person is logged in through the gatekeeper, they are able to access the applications, but if a timeout happens, it navigates to the Oracle standard logout screen. They don’t have Oracle FND users, so they want the gatekeeper screen to come up so that they can log in again.
Proposed solution: they want an alert message to come up on the Oracle timeout screen by which they can go to the gatekeeper screen.
Can anyone please suggest how to implement the same? I am very new to OAF, so I don’t know anything on the same.
Any help will be highly appreciated.
Thanks & regards,
Amit Garg
Atul,
FYI ssogito.sql doesn’t work with R12.
It is presently tracked by bug Bug.6868527/6151697 (15) CERTIFICATION OF SSO GLOBAL INACTIVITY TIMEOUT (GITO) WITH RELEASE 12:
Bug.6151697/5238327 (15) NEED SSO MECHANISM TO TIMEOUT EBIS PARTNER APPS WITHOUT TIMING OUT OTHER REGISTERED PARTNER APPS
Global User Inactivity Timeout will work with MOD_OSSO based partner applications ONLY. Oracle E-Business Suite Release 11i uses a pre-packaged SSOSDK approach and NOT MOD_OSSO. However, Oracle E-Business Suite Release 12 is a MOD_OSSO based partner app.
SSO Global Inactivity Timeout (GITO) also has a known restriction that it does not work automatically for dynamically protected pages, as all pages are on R12, which is dynamically protected, unless each page checks for expiration. Hence, there still needs to be a relative Apps code to consume this SSO timeout.
Thanks
Rajan
Hi Atul,
My developers did one Hibernate application. For that we need to set the DB session timeout. What do I have to do for this? Please help me out. This is very urgent for me.
Thanks in Advance
Sridhar