Viewing tokens for a user session to analyze application issues

When a user or a service, requests BMC Helix Single Sign-On for access to the application over the OAuth2 protocol, BMC Helix Single Sign-On issues access and refresh tokens related to the user's session. 

Administrators can view the details of all the tokens issued for a user session to troubleshoot multiple issues like continued user access even after the user has logged out of the application, or users being logged out of applications automatically. You can use this data to delete tokens associated with a user session without having to explicitly search for tokens associated with the user session from the OAutn token list.

Administrators can view details including the client ID, type, creation, and expiration information of OAuth2 tokens related to the selected user session. The actual token value is masked for security reasons. 

Important

You can only view token details of an active session from the Sessions page. To view a list of all tokens available in the system, view the Tokens tab from the OAuth2 menu.

Tenant administrator access to session and token information

In a single tenant environment, session information and related token data are accessible to the administrators of the specific Tenant and the SaaS administrator. For example, you have a tenant Apex Global. Session and token data for this tenant is available only in the Tenant Admin Console of the Apex Global tenant and the SaaS Admin Console when the Apex Global tenant is selected. 

In a multitenant environment, user session information is stored in the specific Tenant, and the token information for the session is stored in the SaaS Tenant. Tenant administrators can view session information for their tenant, but do not have access to the token information. 

For example, Tenant Administrators for Apex Global only have access to the session data and SaaS administrators have access to the session and token data for Apex Global. 

 

To view token data for available sessions

  1. Log in to BMC Helix Single Sign-On Admin Console, as a SaaS Administrator or Tenant Administrator.
  2. On the navigation pane, click Session.
  3. On the Session Report page, click for the selected user.
    The page displays all the tokens associated with the user's session, and details like the client ID, type, creation, and expiration date and time of the token.


To invalidate an OAuth token for an end-user session

  1. Log in to BMC Helix Single Sign-On Admin Console, as a SaaS Administrator or Tenant Administrator.
  2. On the navigation pane, click Session.
  3. On the Session Report page, click Tokens for the selected user.
  4. Select the Token and click delete in the Action column.

Important

For more information about viewing a complete list of OAuth tokens, see Configuring OAuth 2.0.

Was this page helpful? Yes No Submitting... Thank you

Comments