Logon and logoff experience for end users
When you implement a single sign-on system, the normal authentication behavior is altered for end users. If an end user who is already logged in to an application opens a second application in a browser window, the user is automatically logged on.
Based on the way Remedy Single Sign-On is configured with the integrated application, when a user attempts to log on to an application integrated with Remedy SSO, the following events are triggered:
- The Remedy SSO logon page is displayed to the user for authentication.
- If Remedy SSO is configured for SAML or OpenID Connect, the user request is redirected by the Remedy SSO web application to an external Identity Provider (IdP).
When the end user enters valid credentials, the Remedy SSO server redirects the request to an integrated application. The Remedy SSO agent verifies that the user is authenticated and then allows the user to access the integrated application.
When the user tries to access the same application or any other integrated application from another browser tab or window, the Remedy SSO agent checks for an existing user session and determines whether the user is already logged on. If the user is already logged on, as in this case, the application UI is displayed without the user being prompted for credentials. If the user session does not exist yet, or the user is not already logged on, Remedy SSO does the normal token check (from a cookie) and redirects the user to the logon page.
When the user hits the logout URL in the integrated application, the Remedy SSO agent sends a request to the Remedy SSO server. A reference counter on the user token table in the web application increments or decrements the application count when the user logs on to or logs out from an application. The reference counter is implemented by applications that the user logs on to by using the Remedy SSO token.
When a user logs out from an application but the application count is greater than 0, the user is still logged on to one or more applications. In this case, the system does not prompt the user for credentials when the user accesses another application.
If the user logs out from an application and the application count is 0, the user is logged out from Remedy SSO. The user will be prompted for credentials when accessing applications.
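The reference counting described above, modelled as an added example that is not Remedy SSO code: the class and method names, the in-memory table and the per-token set of applications are assumptions made for illustration.

```python
# Simplified model of the reference-counted logout described above.
# Assumptions (not Remedy SSO code): class and method names, in-memory storage,
# and tracking apps as a set so a repeated logon from one app is counted once.
import secrets


class TokenTable:
    def __init__(self):
        self._apps = {}  # token -> set of applications using that token

    def authenticate(self):
        """User presented valid credentials: issue a new SSO token."""
        token = secrets.token_urlsafe(16)
        self._apps[token] = set()
        return token

    def app_count(self, token):
        return len(self._apps.get(token, ()))

    def logon(self, token, app):
        """Agent for `app` saw the token cookie. False means: redirect to logon page."""
        if token not in self._apps:
            return False
        self._apps[token].add(app)  # count goes up by one per distinct app
        return True

    def logout(self, token, app):
        """Logout URL hit in `app`. Returns True if the SSO session ended."""
        apps = self._apps.get(token)
        if apps is None:
            return True  # unknown or already ended: nothing to decrement
        apps.discard(app)  # count never goes below 0
        if not apps:
            del self._apps[token]  # count is 0: user is logged out of SSO
            return True
        return False


def demo():
    table = TokenTable()
    token = table.authenticate()
    table.logon(token, "app-a")               # constructed application names
    table.logon(token, "app-b")
    first = table.logout(token, "app-a")      # count 1: session still live
    silent = table.logon(token, "app-c")      # no credential prompt
    table.logout(token, "app-b")
    last = table.logout(token, "app-c")       # count 0: session ended
    prompt = not table.logon(token, "app-a")  # must authenticate again
    return first, silent, last, prompt
```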