Question

Authentication timeouts challenge not letting user in even after supplying correct credential multiple times

We are using v 7.1.5 & weblogic server and we have configured Authentication Timeout on access group level. While testing we have given 60 seconds as timeout. After timeout pega displays authentication challenge pop-up window to re-authenticate the user but even after supplying correct credentials multiple times pega doesn't let the user in, it keeps displaying the pop-up window asking for credentials again and again. Could some one please help me resolve this issue or let me know if I am missing something here.

**Moderation Team has archived post**

This post has been archived for educational purposes. Contents and links will no longer be updated. If you have the same/similar question, please write a new post.

Correct Answer
August 31, 2016 - 2:50pm

Hi Dilip - Yes, Pega support proposed to add pxSessionTimer section inside pyPortalHeader section  in the portal harness and configuring proper parameter for this section should work OOTB. Since I was on v7.1.5 and due to some code issue with pega's OOTB pxSessionTimer section I had to customize to make it work.

Comments

Keep up to date on this post and subscribe to comments

September 9, 2015 - 2:01pm

I tried even Dynamic system settings way of session timeout by creating prconfig/timeout/application/default and prconfig/timeout/browser/default settings and restarted the server but these settings doesn't seem working at all.

Can someone pls help me with this?

September 11, 2015 - 8:35pm

Hi Marty Solomon / Chunzhi Hong

Could you please help me with this issue in my first post. I tried by supplying multiple time id/pwd when asked for re-authentication pop-up window again and again for more than 5 times and then finally I got below error message on the screen. Could you please help me resolve the issue?

I am copying the error message text below-

Error 401--Unauthorized

From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
10.4.2 401 Unauthorized

The request requires user authentication. The response MUST include a WWW-Authenticate header field (section 14.46) containing a challenge applicable to the requested resource. The client MAY repeat the request with a suitable Authorization header field (section 14.8). If the request already included Authorization credentials, then the 401 response indicates that authorization has been refused for those credentials. If the 401 response contains the same challenge as the prior response, and the user agent has already attempted authentication at least once, then the user SHOULD be presented the entity that was given in the response, since that entity MAY include relevant diagnostic information. HTTP access authentication is explained in section 11.

September 12, 2015 - 3:19am
Response to DPSSingh

I think you need to raise an SR.

September 12, 2015 - 11:17am
Response to Chunzhi_Hong

Thank you Chunzhi for your response! I will raise SR for this.

August 23, 2016 - 7:43pm

Hi - Did you get the solution? Please share.

Best Regards,
Dilip

August 23, 2016 - 7:43pm

Hi - Did you get the solution? Please share.

Best Regards,
Dilip

August 31, 2016 - 2:50pm
Response to DilipKMondal

Hi Dilip - Yes, Pega support proposed to add pxSessionTimer section inside pyPortalHeader section  in the portal harness and configuring proper parameter for this section should work OOTB. Since I was on v7.1.5 and due to some code issue with pega's OOTB pxSessionTimer section I had to customize to make it work.