We've been dealing with a few different issues recently in the realm of users getting signed out of applications. While looking into it, it gets confusing depending on how the environment is setup. I found several places where timeouts take place within the LF applications: Mobile, Forms, Repository, and STS. If all of the products (including STS) has timeouts configured, how do those affect each other? The two recent issues we have come across are with Mobile.
So Many Timeouts, What is the Order of Precedence?
Hi Blake - please allow me to comment on the Mobile App since that were your two recent cases. Mobile app timeout is determined by the timeout parameter configured on the Mobile Service Configuration page, measuring the length of inactivity that happens on the end-user side. Even if the system, e.g. Repository etc., issues a timeout, the mobile app has the mechanism to reconnect at the backend as long as mobile timeout is yet to hit. If this is not what you are observing and able to produce a different behavior consistently, please open a support case so that we can investigate further. Thank you!
Seeing if someone from Laserfiche could chime in on this one?
Can we also get information about the behavior of the other Laserfiche applications and how they work with regards to using and not using an STS and timeouts?
Your STS timeout doesn't really affect web client at all. You need to have an active LFDS session when you authenticate via SSO, and that's it. It doesn't matter if your STS token expires while you are using web client, it was just used to authenticate you at the beginning.
Something worth noting is a final client side maximum timeout that can not be overridden by the server. You can not go beyond about 6 hours. If you try setting 100,000 minutes or 0 minutes, you will get about 6 hours before the app itself times you out.
Any new features to extend the timeout? Everyone wants to extend the timeout at least until biometrics is available, which would prevent users from entering their passwords on a mobile device and prevent the error messages they are getting when they have not opened the app for awhile.