WebSphere Application Server & Liberty


 Liberty with Azure SAML SSO

Reddy Reddy posted Mon October 27, 2025 12:00 PM

Hello All,

Currently we have an issue with the DWC console application running on Liberty. We have set up SAML Web SSO against Azure AD for single sign-on to the DWC console.

<samlWebSso20 id="defaultSP" enabled="true"
        idpMetadata="/opt/tivoli/maestro/DWC/usr/servers/dwcServer/resources/security/idpMetadata.xml"
        nameIDFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
        trustStoreRef="twaTrustStore"
        reAuthnOnAssertionExpire="true">
    <trustedIssuers>
        <issuer name="https://sts.windows.net/cxxxxxxxxxx-xxx-xxxx/"/>
    </trustedIssuers>
</samlWebSso20>

  1. The user opens DWC in the browser; it redirects to Azure AD, the user gets validated and is returned to the DWC homepage.
  2. Once the user is in, they click Monitor Workload to connect to the engine and view jobs, job logs, dashboards, etc. This connection happens with the JWT token, which is valid for 12 hours as per the config, and the traces confirm that.
  3. Normal operations continue for each engine call, etc. Once the user is idle for more than 60 minutes (timer from the initial login) and then tries to click one of the engine functionalities, he sees the error.
  4. When the user tries to refresh the homepage, it throws a 400 Bad Request and doesn't launch, and we have to wait some time to re-launch the homepage.

We do see samlCreated and samlExpired messages in the logs, which have a 1-hour window. How can we make Liberty extend that time or keep the session alive, so that a refresh of the page is not needed and the dashboards, job views, etc. on the page are not lost?
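With reAuthnOnAssertionExpire="true" in the posted config, the point at which Liberty sends the user back to the IdP is tied to the assertion's own Conditions/NotOnOrAfter rather than to the Liberty session, so the first diagnostic is to compare the samlCreated/samlExpired window with the timestamps the IdP actually issued. The following is an added example, not code from the original post or from Liberty: it pulls those timestamps out of a SAML response and checks the issuer against a trustedIssuers-style allow-list; the response it parses is constructed sample data with a placeholder tenant, not a real capture.

```python
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "samlp": "urn:oasis:names:tc:SAML:2.0:protocol"}

# Constructed sample SAML response (not a real capture): issuer placeholder in the
# same form as the trustedIssuers entry, 1-hour assertion validity, 8-hour session hint.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0"
    IssueInstant="2025-10-27T12:00:00Z">
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2025-10-27T12:00:00Z">
    <saml:Issuer>https://sts.windows.net/TENANT-ID-PLACEHOLDER/</saml:Issuer>
    <saml:Conditions NotBefore="2025-10-27T11:55:00Z" NotOnOrAfter="2025-10-27T13:00:00Z"/>
    <saml:AuthnStatement AuthnInstant="2025-10-27T12:00:00Z" SessionIndex="_s1"
        SessionNotOnOrAfter="2025-10-27T20:00:00Z"/>
  </saml:Assertion>
</samlp:Response>"""

def _utc(value):
    """Parse the whole-second UTC timestamps used in SAML assertions."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def assertion_times(xml_text):
    """Extract the issuer and the timestamps that bound a SAML login."""
    root = ET.fromstring(xml_text)
    assertion = root.find(".//saml:Assertion", NS)
    if assertion is None:
        raise ValueError("response carries no saml:Assertion")
    conditions = assertion.find("saml:Conditions", NS)
    if conditions is None or conditions.get("NotOnOrAfter") is None:
        raise ValueError("assertion has no Conditions/NotOnOrAfter")
    authn = assertion.find("saml:AuthnStatement", NS)
    session_end = authn.get("SessionNotOnOrAfter") if authn is not None else None
    return {
        "issuer": assertion.findtext("saml:Issuer", default="", namespaces=NS),
        "issue_instant": _utc(assertion.get("IssueInstant")),
        "not_on_or_after": _utc(conditions.get("NotOnOrAfter")),
        "session_not_on_or_after": _utc(session_end) if session_end else None,
    }

def assertion_validity_minutes(xml_text):
    """Minutes from IssueInstant to Conditions/NotOnOrAfter: the window after which
    reAuthnOnAssertionExpire="true" sends the user back to the IdP."""
    t = assertion_times(xml_text)
    return (t["not_on_or_after"] - t["issue_instant"]).total_seconds() / 60

def issuer_is_trusted(xml_text, trusted_issuers):
    """Exact-match issuer check, mirroring what a <trustedIssuers> list enforces."""
    return assertion_times(xml_text)["issuer"] in trusted_issuers
```

If the assertion the real IdP returns has a 60-minute Conditions window, the samlExpired timing in the logs is explained by the IdP's assertion lifetime, not by the Liberty session settings.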