Automatic IdP login after session ends
With SAML 2.0 authentication, an automatic login can occur after the end user has terminated their single sign-on session. This behavior gives the impression that the user was not logged out.
In SAML 2.0, the IdP caches authentication information within the browser. This information allows the IdP to automatically reauthenticate a user without the user re-entering their credentials. So, when a user logs out of a SAML 2.0 system, a browser refresh can automatically log the user back in to the system.
For example, a user has two browser windows (or tabs) open—one with Remedy Mid Tier and the other with BMC Helix Digital Workplace. If the user logs out of both Remedy Mid Tier and BMC Helix Digital Workplace, the single sign-on session is terminated. If the user just closes the window of BMC Remedy Mid Tier, accesses the BMC Helix Digital Workplace window, and refreshes the browser, then the browser performs the action as though the user is still logged in to the system. A new single sign-on session was created automatically for the user (due to the auto-login of the IdP).
To ensure that the user is permanently logged out, close all browser windows and tabs.
Redirection loop when logging in through BMC Helix SSO
If BMC Helix SSO is configured for SAML authentication and the end user is accessing a BMC application for the first time, the end user might encounter a redirection loop error.
Complete the following steps until you resolve the error.
The maximum number of simultaneous logins is exceeded
If you are logging in to an application and if the following error message displayed, you have exceeded the number of simultaneous session (logins) that are allowed.
As a BMC Helix SSO administrator, increase the number of allowed sessions for end users in the Session Quota field. For more information, see Adding and configuring realms.
|After end users are successfully authenticated by the identity provider (IdP), the login page appears again|
The browser does not recognize the authentication cookie in the following scenarios: