
OPENAM - amService-UrlAccessAgent Login multiple Times


In our deployment, we have 3 OpenAM instances behind a load balancer. The stickiness is based on IP addresses, so that users always land on the same server.

My problem is that our max concurrent sessions limit is reached on each server after just one day of workload.

When I analysed the amSSO audit log, I found out that my Web Agent (amService-UrlAccessAgent) opens sessions frequently (more than 20 sessions per minute) and those sessions never get destroyed (they all live loong :)).

Can you please help me to interpret this behavior? Isn't amService-UrlAccessAgent supposed to log in once?

Thank you in advance.


Solution

  • I think I have found the solution. When I started to dig a little into the OpenAM code and the agent code, I found the following:

        if ((isApplicationModule(authMethName) &&
             (ad.isSuperUser(userDN) || ad.isSpecialUser(userDN)))
            || isAgent(amIdentityUser)) {
            if (isAgent(amIdentityUser) && agentSessionIdleTime > 0) {
                // ....
                // Agent with an idle timeout configured: the session can time out
                session.setMaxSessionTime(Long.MAX_VALUE / 60);
                session.setMaxIdleTime(agentSessionIdleTime);
                session.setMaxCachingTime(agentSessionIdleTime);
            } else {
                // No idle timeout applies: the session is marked as never expiring
                session.setExpire(false);
            }
        }
    

    And when you look just a little before, you find that the value of agentSessionIdleTime is 0 if the property com.iplanet.am.session.agentSessionIdleTime isn't set.

    For the meaning of this property, follow this link: policy agent sessions to time out

    Thanks, Peter, for your help. I will tell you soon whether that works well on our production system.
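The check described in the question (sessions that are created and never destroyed, grouped by principal) can be scripted as below. This is an added example, not part of the original posts or of OpenAM; the four-column tab-separated layout and the event names are a constructed stand-in for amSSO audit records, not OpenAM's actual log format.

```python
from collections import Counter

# Constructed sample records (NOT real amSSO output).
# Assumed columns: time, event, principal, session id.
_ROWS = [
    ("10:00:01", "CREATED", "amService-UrlAccessAgent", "s1"),
    ("10:00:04", "CREATED", "alice", "s4"),
    ("10:00:05", "CREATED", "amService-UrlAccessAgent", "s2"),
    ("10:00:09", "CREATED", "bob", "s5"),
    ("10:00:11", "CREATED", "amService-UrlAccessAgent", "s3"),
    ("10:20:00", "LOGOUT", "alice", "s4"),
    ("10:40:09", "IDLE_TIMEOUT", "bob", "s5"),
    ("10:41:00", "CREATED", "bob", "s6"),
]
SAMPLE_LOG = "\n".join("\t".join(row) for row in _ROWS)

# Assumed names for every event that ends a session.
END_EVENTS = {"DESTROYED", "IDLE_TIMEOUT", "MAX_TIMEOUT", "LOGOUT"}


def open_sessions(log_text):
    """Return a Counter {principal: sessions created but never ended}."""
    live = {}  # session id -> principal that owns it
    for line in log_text.splitlines():
        parts = line.split("\t")
        if len(parts) != 4:
            continue  # skip blank or malformed records
        _time, event, principal, sid = parts
        if event == "CREATED":
            live[sid] = principal
        elif event in END_EVENTS:
            live.pop(sid, None)  # an end event for an unknown id is ignored
    return Counter(live.values())


def leaking_principals(log_text, threshold):
    """Principals holding at least `threshold` sessions that never ended."""
    counts = open_sessions(log_text)
    return sorted(p for p, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    for principal, count in open_sessions(SAMPLE_LOG).most_common():
        print(f"{principal}: {count} session(s) still open")
```

Run over a full day of records, a principal whose count keeps growing while ordinary users return to zero points at sessions that never expire, which is the behaviour the answer traces to an agent idle time of 0.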