SMC Web Access Authentication Timeout Change in Version 7.0

SMC Web Access Authentication Timeout Change in Version 7.0

Summary
SMC version 7.0 and later use a new Webswing framework which by default changes the authentication process timeout to 7 seconds when an administrator uses Web Access. This can cause Web Access login page to show a "Server is not available" error if authentication process takes more than 7 seconds.
Problem
Starting from version 7.0 the SMC Web Access has a new authentication timeout of 7 seconds due to Webswing framework upgrade.

This timeout may be hit commonly in cases where SMC administrator is authenticated via external RADIUS that uses multi-factor authentication i.e. after password has been processed the server sends a push to user's mobile app. Unless the user is quick enough to acknowledge the push and thus cause the RADIUS server to send RADIUS response to SMC within 7 seconds, the authentication will time out.

In case of timeout, the SMC Web Access login page presents a Server is not available error.

Note SMC does not support RADIUS Access-Challenge messages as described in the Security Management Center (SMC) Multi-Factor Authentication Support article.
 
Solution

Web Access hosted on Management Server

SMC version 7.0.2 introduces new WEB_ACCESS_FETCH_TIMEOUT parameter to change the Web Access authentication timeout. The default value of this parameter in 7000 milliseconds (7 seconds): WEB_ACCESS_FETCH_TIMEOUT=7000

To increase the timeout to 20 seconds:

  1. On the SMC server, edit the <installation directory>/data/SGConfiguration.txt file.
  2. Add the following line and save the changes:
    WEB_ACCESS_FETCH_TIMEOUT=20000
  3. Restart the Management Server service, on Windows using the Services panel or on Linux using the systemctl restart sgMgtServer command.

 

Web Access hosted on Web Portal Server

To increase the timeout to 20 seconds:

  1. Edit <installation directory>/data/web_starter.xml and add this before CODE_SERVER line:

<vmargs mode="append">   
    <parameter>-Dwebswing.server.fetchTimeout=20000</parameter>
</vmargs> 

So the file content is now:

<?xml version="1.0" encoding="UTF-8"?>
<smc_starter xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:noNamespaceSchemaLocation="xsd/smc_starter.xsd" bootstrap_version="1.0">
<vmargs mode="append">   
    <parameter>-Dwebswing.server.fetchTimeout=20000</parameter>
</vmargs>
  <server CODE_SERVER="211" MAX_MEMORY_IN_MB="8192"/>
  <role>WebPortal</role>
  <context>DependentServer</context>
</smc_starter>

  1. Restart the Web Portal Server service, on Windows using the Services panel or on Linux using the systemctl restart sgWebPortalServer command.