Based on the HTTP session time-out interval, SAS Risk Governance Framework displays the following message on the web browser screen after a period of user inactivity:

After clicking Return to Application, the user might be able to return to the web application without re-entering credentials.

New configuration properties in SAS Risk Governance Framework enable you to require users to log on to the web application after the HTTP session has timed out.

To require users to log on after a specified period of inactivity, specify the following configuration option in the configdata.properties file (the default value for this configuration property is -1):

When this option is specified, the web application server forces users to log on again after the specified time of inactivity has elapsed.

You might also need to modify how often the web application refreshes alert notifications for users. The automatic refresh of notifications might extend the session, even when users are not actively using the web application.

To change the refresh internal for alert notifications in the web application, specify the following configuration option in the configdata.properties file:

The default value for the configuration property is 0, which indicates that the default refresh interval of one minute should be used. You can also specify a value of -1, to prevent the refresh of notifications. When you specify a value of -1, the notification icon is hidden from users. If you specify a long refresh interval, a user can position the mouse pointer over the notification icon to force the web application to refresh their alert notifications. If you specify a value other than -1, the value should be larger than the value for the global single sign-on time-out interval mentioned below.

Notes: 

1. When you use these properties to modify the session time-out interval for the web application, you must also specify the following Java Virtual Machine (JVM) option for SASServer1_1 to change the global single sign-on time-out interval:

The default global single sign-on time-out interval is 12 hours. For more information about configuring this option, see "Configure the Global Single Sign-on Time-out Interval" in Chapter 9 of SAS^® 9.4 Intelligence Platform: Middle-Tier Administration Guide.

2. In addition, you might want to disable the inactive session warning message by specifying the following metadata property in the SAS^® Management Console:

For more information about configuring this property, see "Display a Warning Message for Inactive User Sessions" in Chapter 9 of SAS^® 9.4 Intelligence Platform: Middle-Tier Administration Guide.

Click the Hot Fix tab in this note to access the hot fix for this issue.

Operating System and Release Information

A fix for this issue for SAS Risk Governance Framework 7.5 is available at:

A fix for this issue for SAS Risk Governance Framework 7.4 is available at: