Thursday, April 19, 2007

Timeout Setting when you have 10gAS integrated with 11i along with External Authentication

We are using 11i (11.5.10.2) with 10gAS (10.1.4.0.1) with AD external Authentication. The timeout behavior was not consistent across the board.

The following places needs to be modified to set timeout across the board

11i
System Profile option ICX:Session Timeout 30 (Minutes)
zone.properties file session.timeout=180000 (Milliseconds=30 Minutes)


SSO
a) Navigate to http://:port/pls/orasso
b) Login with an administration account
c) Press 'SSO Server Administration'
d) Press 'Edit SSO Server Configuration'
e) In the section 'Single Sign-On Session Policy', change the Single Sign-on Session Duration from 8Hrs to .5 Hr (30 Min) ---This must match 11i Timeout


Other Timeouts

SSO
Set Global Inactivity Timeout – Login as ORASSO and run $ORACLE_HOME/sso/admin/plsql/sso/ssogito.sq set the “inactivity_period” in Minutes (Default 15 min, To disable timeout set inactivity period to 0)

Set connectionIdleTimeout = 30 (default 120 min) in $ORACLE_HOME/sso/conf/policy.properties

Set OssoIdleTimeout on (Default off) in $ORACLE_HOME/Apache/Apache/conf/mod_osso.conf



OID
To set the interval in ODM select the server, then the Query Optimization tab, LDAP Connection Timeout. The set to 30 (default is 0, no timeout). The value is in minutes. The value should be set to less than any firewall or load balancer timeout.

In ODM select the server, then the System Operational Attributes tab, Statistics Collection Interval is set to 15. The default is 60 minutes. This value should be set to about half the connection timeout.


Bounce the services on 10gAS and 11i
opmnctl stopproc process-type=HTTP_Server
opmnctl startproc process-type=HTTP_Server

opmnctl stopproc process-type=OC4J_SECURITY
opmnctl startproc process-type=OC4J_SECURITY

adapcctl.sh stop
adapcctl.sh start


Good Luck...

1 comment:

Steven said...

Nice summary, Shyam! It's handy to have this information in one place.

Regards,
Steven