70413 - New configuration properties in SAS® Risk Governance Framework require users to enter credentials after a defined period of inactivity

Usage Note 70413: New configuration properties in SAS® Risk Governance Framework require users to enter credentials after a defined period of inactivity

Based on the HTTP session time-out interval, SAS Risk Governance Framework displays the following message on the web browser screen after a period of user inactivity:

Your application has timed out.

After clicking Return to Application, the user might be able to return to the web application without re-entering credentials.

New configuration properties in SAS Risk Governance Framework enable you to require users to log on to the web application after the HTTP session has timed out.

To require users to log on after a specified period of inactivity, specify the following configuration option in the configdata.properties file (the default value for this configuration property is -1):

monitor.timeout.altTimeoutActivityInterval = interval-in-seconds

When this option is specified, the web application server forces users to log on again after the specified time of inactivity has elapsed.

You might also need to modify how often the web application refreshes alert notifications for users. The automatic refresh of notifications might extend the session, even when users are not actively using the web application.

To change the refresh internal for alert notifications in the web application, specify the following configuration option in the configdata.properties file:

monitor.notification.pollingInterval = interval-in-milliseconds

The default value for the configuration property is 0, which indicates that the default refresh interval of one minute should be used. You can also specify a value of -1, to prevent the refresh of notifications. When you specify a value of -1, the notification icon is hidden from users. If you specify a long refresh interval, a user can position the mouse pointer over the notification icon to force the web application to refresh their alert notifications. If you specify a value other than -1, the value should be larger than the value for the global single sign-on time-out interval mentioned below.

Notes:

1. When you use these properties to modify the session time-out interval for the web application, you must also specify the following Java Virtual Machine (JVM) option for SASServer1_1 to change the global single sign-on time-out interval:

-Dsas.tgt.expiration.period = interval-in-milliseconds

The default global single sign-on time-out interval is 12 hours. For more information about configuring this option, see "Configure the Global Single Sign-on Time-out Interval" in Chapter 9 of SAS^® 9.4 Intelligence Platform: Middle-Tier Administration Guide.

2. In addition, you might want to disable the inactive session warning message by specifying the following metadata property in the SAS^® Management Console:

Policy.DisplaySessionTimeoutWarning = false

For more information about configuring this property, see "Display a Warning Message for Inactive User Sessions" in Chapter 9 of SAS^® 9.4 Intelligence Platform: Middle-Tier Administration Guide.

Click the Hot Fix tab in this note to access the hot fix for this issue.

Operating System and Release Information

Product Family	Product	System	Product Release		SAS Release
Product Family	Product	System	Reported	Fixed*	Reported	Fixed*
SAS System	SAS Risk Governance Framework	Linux for x64	7.4		9.4 TS1M5
		Windows 7 Ultimate x64	7.4		9.4 TS1M5
		Windows 7 Ultimate 32 bit	7.4		9.4 TS1M5
		Windows 7 Professional x64	7.4		9.4 TS1M5
		Windows 7 Professional 32 bit	7.4		9.4 TS1M5
		Windows 7 Home Premium x64	7.4		9.4 TS1M5
		Windows 7 Home Premium 32 bit	7.4		9.4 TS1M5
		Windows 7 Enterprise x64	7.4		9.4 TS1M5
		Windows 7 Enterprise 32 bit	7.4		9.4 TS1M5
		Microsoft Windows Server 2016	7.4		9.4 TS1M5
		Microsoft Windows Server 2012 Std	7.4		9.4 TS1M5
		Microsoft Windows Server 2012 R2 Std	7.4		9.4 TS1M5
		Microsoft Windows Server 2012 R2 Datacenter	7.4		9.4 TS1M5
		Microsoft Windows Server 2012 Datacenter	7.4		9.4 TS1M5
		Microsoft Windows Server 2008 for x64	7.4		9.4 TS1M5
		Microsoft Windows Server 2008 R2	7.4		9.4 TS1M5
		Microsoft Windows Server 2008	7.4		9.4 TS1M5
		Microsoft Windows 10	7.4		9.4 TS1M5
		Microsoft Windows 8.1 Pro x64	7.4		9.4 TS1M5
		Microsoft Windows 8.1 Pro 32-bit	7.4		9.4 TS1M5
		Microsoft Windows 8.1 Enterprise x64	7.4		9.4 TS1M5
		Microsoft Windows 8.1 Enterprise 32-bit	7.4		9.4 TS1M5
		Microsoft Windows 8 Pro x64	7.4		9.4 TS1M5
		Microsoft Windows 8 Pro 32-bit	7.4		9.4 TS1M5
		Microsoft Windows 8 Enterprise x64	7.4		9.4 TS1M5
		Microsoft Windows 8 Enterprise 32-bit	7.4		9.4 TS1M5
		Microsoft® Windows® for x64	7.4		9.4 TS1M5

* For software releases that are not yet generally available, the Fixed Release is the software release in which the problem is planned to be fixed.

Type:	Usage Note
Priority:	high

Date Modified:	2023-10-11 11:17:11
Date Created:	2023-09-26 11:44:36

Support

Usage Note 70413: New configuration properties in SAS® Risk Governance Framework require users to enter credentials after a defined period of inactivity

Operating System and Release Information