OAuth Introspection
Authentication details are passed to a server for verification by using an OAuth introspection endpoint.
When OAuth Introspection Authentication is enabled, the WebSEAL configuration parameter
sessionlifetime
timeout, which is controlled by the timeout entry in the
[session]
stanza of the WebSEAL configuration file, is ignored. The session
lifetime is set to the OAuth token expiry time.