Symptom
When the FMC is set up with single sign-on (SSO), the user's session times out in exactly 1 hour, even when the user is actively using the WebUI. This behavior occurs with either Okta or Duo configured as the SSO provider.
Conditions
The customer has many users who use the FMC with Okta, and they are logged out after 1 hour even though they are actively using the FMC web UI.
Further Problem Description
1) We have verified that the SSO timeout on Duo is 8 hours and the FMC was set with a 2-hour timeout. The logout seems to be tied to a web cookie that the FMC sets once the user is logged in. Inside the cookie there are named objects (sso_token and sso) whose Expires/Max-Age value is set to exactly 1 hour from the initial login time. This value is not set by the SSO provider; it is inside a cookie from the FMC. The Expires/Max-Age does NOT extend even with active use of the FMC.
2) We also verified with Duo, with the FMC timeout set to 15 minutes and the user actively accessing the web UI. However, there was no timeout after 15 minutes.
3) The customer is on Okta and sees the same issue, so the security TSA recreated the issue on Duo with a 2-hour timeout; it appears to be an FMC issue.
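The check described in item 1 can be scripted against Set-Cookie headers saved from a browser or proxy trace. The following is an added example, not Cisco code: the header values, timestamps and the `app_session` comparison cookie are constructed, and only the `sso_token` name comes from this report.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime
from http.cookies import SimpleCookie

def absolute_expiry(set_cookie, received_at, name):
    """Return the UTC expiry of cookie `name` in one Set-Cookie header, or None."""
    jar = SimpleCookie()
    jar.load(set_cookie)
    if name not in jar:
        return None
    morsel = jar[name]
    if morsel["max-age"]:  # Max-Age takes precedence over Expires (RFC 6265)
        return received_at + timedelta(seconds=int(morsel["max-age"]))
    if morsel["expires"]:
        return parsedate_to_datetime(morsel["expires"])
    return None  # session cookie: no explicit expiry attribute

def expiry_behaviour(observations, name, tolerance=timedelta(seconds=5)):
    """Classify `name` as 'fixed', 'sliding' or 'absent'.

    observations: (received_at, Set-Cookie header) pairs in time order.
    A cookie that is never re-issued, or is re-issued with the same
    absolute expiry, is 'fixed': activity does not extend it.
    """
    expiries = [e for t, h in observations
                if (e := absolute_expiry(h, t, name)) is not None]
    if not expiries:
        return "absent"
    return "sliding" if expiries[-1] - expiries[0] > tolerance else "fixed"

# Constructed sample trace: login at 09:00 UTC, user still active at 09:40.
LOGIN = datetime(2025, 1, 1, 9, 0, 0, tzinfo=timezone.utc)
ACTIVE = LOGIN + timedelta(minutes=40)
SAMPLE = [
    (LOGIN, "sso_token=constructed; Max-Age=3600; Path=/; Secure; HttpOnly"),
    (LOGIN, "app_session=constructed; Max-Age=3600; Path=/; Secure; HttpOnly"),
    # Re-issued with the same absolute expiry as at login.
    (ACTIVE, "sso_token=constructed; Expires=Wed, 01 Jan 2025 10:00:00 GMT; Path=/"),
    # Renewed relative to the time of the request.
    (ACTIVE, "app_session=constructed; Max-Age=3600; Path=/; Secure; HttpOnly"),
]

if __name__ == "__main__":
    for cookie in ("sso_token", "app_session"):
        print(cookie, expiry_behaviour(SAMPLE, cookie))
```

A `fixed` result for `sso_token` together with an expiry one hour after login matches the symptom: the logout follows the cookie lifetime, not the idle timeout configured on the FMC or the SSO provider.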