Login and logout experience for end users
When you implement a single sign-on system, the normal authentication behavior is altered for end users. If an end user who is already logged in to an application, opens a second application in a browser window, the user is automatically logged on.
Single sign-on experience is enabled for applications that are registered within a single realm on the Remedy Single Sign-On server.
Login
Based on how a realm is configured for authentication, when a user attempts to log in to an application integrated with Remedy SSO, the following events are triggered:
| Event | Configuration |
|---|---|
Remedy SSO login page is displayed | When a realm on the Remedy SSO server is configured for one of the following authentication types:
|
| Login page of the Identity Provider (IdP) is displayed | When a realm on the Remedy SSO server is configured for one of the following authentication types:
|
| No login page is displayed | When a realm on the Remedy SSO server is configured for one of the following authentication types:
|
After the end user enters valid credentials, the Remedy SSO server authenticates the end user according to the configured authentication mechanism and redirects the request to an integrated application. The Remedy SSO agent verifies that the user is authenticated, and then allows the user to access the integrated application.
If the end user tries to access the same application or any other integrated application from another browser tab or window, the Remedy SSO agent checks for an existing user session to determine whether or not the user is already logged on. If the user is already logged on, as in this case, the application UI is displayed without the user being prompted for credentials.
If the user session does not exist yet, or the user is not already logged on, Remedy SSO does the normal token check (from a cookie) and redirects the user to the login page.
Logout
When an end user clicks the logout URL in the integrated application, the Remedy SSO agent sends a request to the Remedy SSO server.
Based on how a realm is configured, end users have the following logout experience:
| Realm configuration | Logout experience |
|---|---|
| Single logout is disabled | A reference counter on the user token table in the web application increments or decrements the application count when the user logs in or logs out from an application. The reference counter is implemented by applications that are logged in to by using the Remedy SSO token. When an end user logs out from an application, but the application count is greater than 0, it means the user is still logged in to one or more applications. In this case, the system does not prompt the user for credentials when the user logs in to another application again. When an end user logs out from an application, and the application count is 0, it means the user is logged out from Remedy SSO. The user will be prompted for credentials on accessing applications. |
| Single logout is enabled | When an end user clicks the logout URL for one application, the user is automatically logged out from Remedy SSO. |
Comments
Log in or register to comment.