Configuring Session Timeout for All Users

This section describes how to configure a number of minutes for timeout of user sessions and orphaned sessions. The configuration as described here applies to all domains in an environment.

Note: It is possible to configure timeout for users of a specific domain rather than all users. The domain-specific timeout configuration overrides the general timeout settings. The configuration steps are in the next section.

User session timeout is the number minutes of inactivity before a user session times out. You can also configure a warning for users. If you choose to do this, make sure that the timeout you configure for both the session itself and the warning message are compatible with each other. Configuring a User Session Timeout Warning

Orphaned sessions are sessions in which a user closed a browser window but did not sign out of the application. When the orphaned session timeout occurs, the memory allocated to these sessions is returned to the system as a whole. Orphaned session timeout must be longer than user session timeout and is typically much longer.

Note: 

If you use AD FS or Infor Ming.le, which also have timeout parameters, the timeout value you configure for Landmark must be the longest, that is, the last to expire. For example, if you configure AD FS or Infor Ming.le to timeout at ten minutes, you must configure Landmark to time out after eleven or more minutes.

  1. From a command window on the Landmark server, type

    secadm -m

    If prompted, supply the security administration password.

  2. From the main menu, choose Maintain Single Sign On Configuration.
  3. From the sub-menu that appears, choose Configure Lawson Single Sign On.
  4. Respond to the following prompts:

    • Choose the protocol to use to connect to the Lawson authentication service. This must be set to SSL. If it is not, select option 1 to configure SSL.

    • Enter the service to use to sign on: The default is SSOPV2. If SSOPV2, the primary authentication service for Landmark is correct for your system, press Enter to continue. If you want to use a different service, type the service name here and then press Enter.

    • Enter a time out value in minutes for sign on sessions: This can be any number of minutes that is appropriate for your site. The default is 5 minutes.

      If you are planning to configure a timeout warning message for users, make sure that the timeframe you select here is compatible with the functionality of the warning message. For example, in some versions of Infor Security, the warning timeout message is an on/off feature. If it is turned on, the user receives a warning message five minutes before the session is about to timeout. In this case, the default of five minutes for session timeout would not be appropriate. You would want to use a longer timeframe, for example, 30 or more minutes. Configuring a User Session Timeout Warning

    • Enter a time out value in minutes for orphaned sessions: The default is 360 minutes (six hours). This number must be bigger than the sign-on session timeout value (configured in the previous option).

  5. When you are finished configuring, select Back to return to the main menu. When you are done working with the secadm utility, select Exit.
  6. You must perform a system restart for the changes you made here to take effect.
  7. If you use AD FS or Infor Ming.le, verify that the timeout you configured here does not conflict with those settings. Landmark must time out later than AD FS or Infor Ming.le. Change timeout setting for those products if necessary.

    Information about changing the AD FS timeout parameters (Token LifeTime and Web SSO Lifetime) is in Infor Lawson Authentication Configuration Guide in help and Infor Support Portal. Information is also available from Microsoft.

    Information about changing the timeout parameter in Infor Ming.le is in the Infor OS documentation available in Infor Support Portal.