SAP Knowledge Base Article - Public

3198040 - SAP JAM - Session timeout is not working in IAS enabled JAM

Symptom

When a session in JAM has ended after a set period of inactivity (configuration: Jam Admin Console -> Security), the system offers to "Log in again". When choosing this button, the user is automatically authenticated without being asked for a username and password.

  • Observed in browsers with cleared cookies and cache
  • Observed even in Incognito browser
  • "Remember me" was never clicked by the customer

By contrast, when choosing "Account Settings -> Log out" or the logout button in the "Session Information / Your session will expire soon" window, the session is closed and the user has to retype their username and password. This should be the expected behavior with the session timeout as well.

Customer is using JAM with IAS (not connected to BizX).

"Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental."

Environment

SAP Jam Collaboration

Reproducing the Issue

  1. Log in to JAM
  2. Let it time out and wait for the "Session Timed Out" window prompt
  3. Click "Log in again"

It will not redirect you to the login page but will automatically authenticate you without asking for your login credentials.

Cause

According to the engineering team, the network trace for the session timeout scenario showed no logout request from Jam to IAS at any point during the test: logging in, session timeout, and logging in again.

Resolution

By design, SAP Jam does not send a logout request to its IdP (IAS) upon a session timeout. While the Jam session is terminated upon session timeout, the IAS session is not.

So, unless the IAS session is also configured to time out after the same duration as the Jam session (or a shorter one), the "Log in again" operation in Jam is simply re-authenticated through IAS with the existing IAS session (without asking the user to enter the password again) when IAS receives the new authentication request from Jam.

Note: The product team is not looking to make any further changes to this Jam session timeout behavior any time soon.
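
The behavior described above can be reproduced with a small model of the two sessions. This is an added illustration, not SAP Jam or IAS code: the class names, the timeout values, and the treatment of the IAS timeout as an inactivity timeout are assumptions, and explicit logout is modelled as also ending the IdP session, in line with the Symptom section.

```python
# Added illustration: toy model of the SP (Jam) and IdP (IAS) sessions.
from dataclasses import dataclass, field

@dataclass
class IdP:
    """Identity provider; keeps its own SSO session per browser."""
    timeout: int                                   # assumed inactivity timeout, seconds
    sessions: dict = field(default_factory=dict)   # browser -> time of last use

    def authenticate(self, browser, now):
        """Handle an authentication request; True means credentials were asked for."""
        last = self.sessions.get(browser)
        prompted = last is None or now - last >= self.timeout
        self.sessions[browser] = now
        return prompted

    def logout(self, browser):
        self.sessions.pop(browser, None)

@dataclass
class SP:
    """Service provider with its own inactivity timeout."""
    idp: IdP
    timeout: int
    sessions: dict = field(default_factory=dict)

    def login(self, browser, now):
        prompted = self.idp.authenticate(browser, now)
        self.sessions[browser] = now
        return prompted

    def expire_if_idle(self, browser, now):
        """Session timeout: drops only the local session, sends nothing to the IdP."""
        last = self.sessions.get(browser)
        if last is not None and now - last >= self.timeout:
            del self.sessions[browser]
            return True
        return False

    def logout(self, browser):
        """Explicit logout: ends the local session and the IdP session."""
        self.sessions.pop(browser, None)
        self.idp.logout(browser)

def relogin_prompts(sp_timeout, idp_timeout, explicit_logout=False):
    """Log in at t=0, stay idle until the SP timeout, then 'Log in again'."""
    sp = SP(IdP(idp_timeout), sp_timeout)
    sp.login("browser-1", 0)                       # first login always prompts
    if explicit_logout:
        sp.logout("browser-1")
    else:
        sp.expire_if_idle("browser-1", sp_timeout)
    return sp.login("browser-1", sp_timeout)       # True = password asked again
```

With constructed values, `relogin_prompts(1800, 43200)` returns `False` (silent re-authentication), while an IdP timeout equal to or shorter than the SP timeout returns `True`.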

See Also

2549871 - Automatically end a session after a period of inactivity in SAP Jam
2090228 - How to Submit Ideas for SAP SuccessFactors Products

Keywords

re-login, session timeout, delete cookies, delete cache, browsing history, remember me, logout issue, KBA, LOD-SF-JAM-SSO, Single Sign On & Deeplink, Bug Filed

Product

SAP Jam Collaboration 1905