SOAP connection timeout issues

  • Published on Jul 7, 2025
  • 2 minute(s) read
Prev Next

The OneSpan Authentication Server SOAP communicator has several timeout settings:

  • Connection-Idle-Timeout. This defines (in seconds) how long the SOAP communicator should wait for data on an idle socket before closing the connection. To disable the connection idle timeout, set it to 0. If only one socket is open, the SOAP communicator will not close it for being idle. The Connection-Idle-Timeout setting will only be used whenever multiple SOAP communicator sockets are open. If undefined, this is set to 90 seconds.
  • Connection-Timeout. This defines (in seconds) how long the SOAP communicator should wait for a SOAP client to acknowledge that a connection has been established. If undefined, this is set to 90 seconds.

  • SOAP-Receive-Timeout. This defines (in seconds) how long the SOAP communicator should wait for data after an incoming RECEIVE request from a socket before declaring the request as failed due to inactivity (stall time). The higher this value, the longer connections will remain open. If undefined, this is set to 5 seconds.

    You can increase this value if you experience a lot of connection issues with SOAP clients, for example, Digipass Authentication for Windows Logon. However, setting this value too high, can negatively impact the performance. If you considerably increase this timeout, you should also increase the Listen-Backlog and Max-Workers configuration settings.

If you are experiencing connection problems with the SOAP communicator, you can try to adjust the connection timeout values by modifying the OneSpan Authentication Server configuration file (i.e. identikeyconfig.xml).

The XML configuration file identikeyconfig.xml is located in the following folders:

  • On Linux: /etc/vasco/ias
  • On Windows: %PROGRAMFILES%\VASCO\IDENTIKEY Authentication Server\bin

The timeout settings are specified within the SoapCommunicator settings group.

XPath: //VASCO/Communicators/SoapCommunicator

<SoapCommunicator>
  <Connection-Timeout type="unsigned" data="90"/> 
  <Connection-Idle-Timeout type="unsigned" data="5"/>
  <SOAP-Receive-Timeout type="unsigned" data="5"/>
  ...
</SoapCommunicator>

The values in this example configure the following behavior:

  • After attempting to establish a connection with a SOAP client, the SOAP communicator will fail the attempt if the SOAP client does not respond within 90 seconds.
  • If more than one SOAP communication sockets are open, any sockets that are idle for more than 5 seconds are closed (until only one SOAP communication socket remains).

Configuring the SOAP connection timeout values requires a restart of the OneSpan Authentication Server service (see OneSpan Authentication Server configuration).

SOAP client connection check

The Connection-Idle-Timeout setting of the SOAP communicator controls the time in which OneSpan Authentication Server should close an idle SOAP communication socket.

This connection, however, is not automatically closed on the SOAP client end. As such, the Administration Web Interface verifies if a connection is still open at the OneSpan Authentication Server end before using that connection. If the Administration Web Interface detects that the SOAP communicator has already closed that connection, the Administration Web Interface will do the following:

  1. Close the connection at the Administration Web Interface end.
  2. Open a new connection to the OneSpan Authentication Server SOAP communicator.

This behavior is controlled by the following webadmin.properties setting:

com.vasco.webadmin.checkStaleConnections=true

With the default setting (true), the Administration Web Interface will perform the connection check. If the OneSpan Authentication Server SOAP communicator Connection-Idle-Timeout setting is set to zero (i.e. disabled), then you can configure the Administration Web Interface to skip the connection check by setting checkStaleConnections to false.

To configure Administration Web Interface settings via webadmin.properties file

  1. Navigate to the Apache Tomcat installation directory (typically %PROGRAMFILES%\VASCO\IAS Web Administration\tomcat on Windows).
  2. Navigate to \webapps\ROOT\WEB-INF\classes\.
  3. Edit the webadmin.properties file accordingly.