I am working on a project where we use Siteminder authentication.
We have the session timeout configured both in Siteminder and Application.
In siteminder it is 30 mins and in application it is 29 mins.
After login through SSO page, the page is redirected to home page where we have option to search for some values. After searching, from the results, we provide links [a4j:commandLink] to some values so that on clicking on them it opens a modal panel with resp values.
We are facing a scenario where the user searched for some values and leaves the page idle for some time. After half an hour or so after the session time out period, he/ she tries to click on any of the link to open the modal panel.
In this case the session si already timeout in Siteminder as well and so we are redirected to SSO login page.
But after login, instead of Home page display, we are being displayed with XML content.
We have used PreAuthenticatedProcessingFilterEntryPoint as the entry point in security configuration.
What is observed is that the action call is not at all reaching the server in case of session timeout, so using of A4J.AJAX.onExpired is also not working.