We have IDM 4.5.3 on windows, we also have AR 2.0 and IDM reporting. We
are using OSP 6 for the SSO.

I have 3 issues given below but they are all inter related.

Issue 1:
The login (OSP) screen say invalid credentials some times (Though my
credentials are correct). But after 2nd or 3rd attempt it succeeds.

Issue 2:
The login screen takes too long time to authenticate the user. It take
30 - 45 seconds. I also noticed randomly, it autheticates sometimes if
you logoff and login immediately. But its only random

Issue 3:

After successful logon, I was in roles & resource tab for few minutes
(say 10 minutes). After 10 mins if I go to work dashboard, it was
rolling on the top, and after 30-45 seconds to shows the page.

And in the log (catalina.out), I could see the OSP is issuing the token
again (refreshing it), like below in log.
com.novell.common.auth.saml.AuthTokenGenerator- [RBPM] SAML Token is
issued by the request from SSO filter oauth

Please help how we can configure the OSP/IDM to reduce the
authentication timing and failure (issue 1) and to minimize the time
moving on pages in IDM.

Also, in the documentation the below properties are given. I am not
quite understand them. Can some explain them, how its used.

Session Timeout (minutes)
Specifies the number of minutes of inactivity in a session before the
server times out the users session. The default value is 20 minutes.

Validity duration for access token
Specifies the number of seconds an OSP access token remains valid. The
default value is 60 seconds.

Validity duration for refresh token
Specifies the number of seconds an OSP refresh token remains valid. The
refresh token is used internally by OSP. The default value is 48 hours.

Thanks in advance.

nvldk's Profile: https://forums.netiq.com/member.php?userid=8443
View this thread: https://forums.netiq.com/showthread.php?t=56989