Troubleshooting login and logout issues
This topic provides troubleshooting information about login and logout issues that are associated with a URL redirect and normal identity provider (IdP) behavior.
Issue | Description | Workaround |
---|---|---|
Automatic IdP login after session ends | With SAML 2.0 authentication, an automatic login can occur after the end user has terminated their single sign-on session. This behavior gives the impression that the user was not logged out. In SAML 2.0, the IdP caches authentication information within the browser. This information allows the IdP to automatically reauthenticate a user without the user re-entering their credentials. So, when a user logs out of a SAML 2.0 system, a browser refresh can automatically log the user back in to the system. For example, a user has two browser windows (or tabs) open—one with Remedy Mid Tier and the other with BMC Helix Digital Workplace. If the user logs out of both Remedy Mid Tier and BMC Helix Digital Workplace, the single sign-on session is terminated. If the user just closes the window of BMC Remedy Mid Tier, accesses the BMC Helix Digital Workplace window, and refreshes the browser, then the browser performs the action as though the user is still logged in to the system. A new single sign-on session was created automatically for the user (due to the auto-login of the IdP). | To ensure that the user is permanently logged out, close all browser windows and tabs. |
Tomcat 7 and Java 8 incompatibility | During login, if the end user encounters the error, there might be a Tomcat 7 and Java 8 incompatibility issue:
Some older Tomcat 7 versions (7.0.33 or previous) use the old ecj.jar, which causes issues while compiling codes on Java 8. | Use Java Runtime Environment (JRE) 7 for Tomcat 7, or use Tomcat 7.0.50 and later. |
Redirection loop when logging in through BMC Helix SSO | If BMC Helix SSO is configured for SAML authentication and the end user is accessing a BMC application for the first time, the end user might encounter a redirection loop error. | Complete the following steps until you resolve the error.
|
The maximum number of simultaneous logins is exceeded | If you are logging in to an application and if the following error message displayed, you have exceeded the number of simultaneous session (logins) that are allowed.
| As a BMC Helix SSO administrator, increase the number of allowed sessions for end users in the Session Quota field. For more information, see Adding and configuring realms. |
After end users are successfully authenticated by the identity provider (IdP), the login page appears again | The browser does not recognize the authentication cookie in the following scenarios:
|
|
User login fails. | A user cannot log in to the integrated BMC product when:
| Ensure that the external system is accessible. For more information about webhooks, see Notifying an external service about user authentication by using a webhook. |
Comments
Log in or register to comment.