iPlanetDirectoryPro cookie settings

shaye · September 13, 2022, 8:00pm

Hi Experts,
How can i set or update the iPlanetDirectoryPro cookie for a specific realm?

Thanks

peter.major.idf · September 14, 2022, 8:30pm

The session cookie in AM is not realm specific, the whole AM deployment uses one single session cookie.

shaye · September 15, 2022, 1:34pm

ok thanks.What is the iPlanetDirectoryPro default timeout setup at, how can I update this?

thanks

gery.ducatel · September 16, 2022, 10:59am

Time session management can be configured here:

Realms > Realm Name > Services > Session > Dynamic Attributes

See documentation here:
https://backstage.forgerock.com/docs/am/7.2/security-guide/session-state-session-termination.html#session-max-timeout

You may want to check the Session section in the documentation for reference:
https://backstage.forgerock.com/docs/am/7.2/sessions-guide/preface.html

shaye · September 16, 2022, 3:42pm

Thanks for the info Gary. Right now am using 6.5 could you pls share for 6.5 one link kindly?

shaye · September 20, 2022, 2:06pm

Hi Gery,
I had realms specific Dynamic attributes and also had Global services->session> dynamic attributes idle time out which one has precedence?

gery.ducatel · September 20, 2022, 7:45pm

Realm configuration takes precedence.
You have max time, max idle time, max caching time, and active user sessions (if enforced at global level).

shaye · September 21, 2022, 1:14pm

Gery,
Confusing me with your below statement in quotes.I’ve defined at global services and at the realm , the max time out . Like at global I had 20 mins and realm 15 mins time out. which one will be considered?

You have max time, max idle time, max caching time, and active user sessions (if enforced at global level).

thanks

gery.ducatel · September 21, 2022, 1:36pm

No problem.
The rule is local (i.e. realm level) takes precedence over global configuration. That means you may use the Global configuration as “default” value across all realms. So your realm has a max time out value of 15 minutes.
I am sorry if the statement was not clear. I think what was not really explained is only related to the active user sessions (and it is probably not even part of your question, but the distinction is important). This value sets the maximum number of sessions for one user. You have a global value, and a local value. However, this maximum number of session needs to be enforced. The property to enforce a maximum number of values is set globally only.
Therefore changing the maximum number of active sessions at a local level is only meaningful if the global enforcement is set. This has no impact on the other three parameters: max time, max idle time, and max caching time.
I hope it helps.