Troubleshooting login and logout issues
This topic provides troubleshooting information about login and logout issues that are associated with a URL redirect and normal identity provider (IdP) behavior.
Automatic IdP login after session ends
With SAML 2.0 authentication, an automatic login can occur after the end user has terminated their single sign-on session. This behavior gives the impression that the user was not logged out.
In SAML 2.0, the IdP caches authentication information within the browser. This information allows the IdP to automatically reauthenticate a user without the user re-entering their credentials. So, when a user logs out of a SAML 2.0 system, a browser refresh can automatically log the user back in to the system.
For example, a user has two browser windows (or tabs) open, one with Remedy Mid Tier and the other with BMC Digital Workplace. If the user logs out of both Remedy Mid Tier and BMC Digital Workplace, the single sign-on session is terminated. If the user just closes the window of BMC Remedy Mid Tier, accesses the BMC Digital Workplace window, and refreshes the browser, then the browser behaves as though the user is still logged in to the system. A new single sign-on session is created automatically for the user (due to the auto-login of the IdP).
To ensure that the user is permanently logged out, close all browser windows and tabs.
Tomcat 7 and Java 8 incompatibility
During login, if the end user encounters the error, there might be a Tomcat 7 and Java 8 incompatibility issue:
Some older Tomcat 7 versions (7.0.33 or earlier) use the old ecj.jar, which causes issues when compiling code on Java 8.
Use Java Runtime Environment (JRE) 7 for Tomcat 7, or use Tomcat 7.0.50 and later.
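The following check is an added example, not part of the original documentation or of BMC's tooling. It classifies a Tomcat and Java pairing against the versions named above, assuming the input is the text printed by Tomcat's `bin/version.sh` (the `Server number:` and `JVM Version:` lines); the function name and the sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a Tomcat/Java pairing using the versions this page names.
# Reads text in the format of Tomcat's bin/version.sh on stdin and prints one of:
#   affected | ok | unverified | not-covered | unparsed

check_tomcat_java() {
    info=$(cat)
    tomcat=$(printf '%s\n' "$info" | sed -n 's/^Server number:[[:space:]]*//p' | head -n 1)
    jvm=$(printf '%s\n' "$info" | sed -n 's/^JVM Version:[[:space:]]*//p' | head -n 1)

    # Legacy version strings ("1.8.0_202") carry the major version in field 2.
    case "$jvm" in
        1.*) java_major=$(printf '%s' "$jvm" | cut -d. -f2) ;;
        *)   java_major=$(printf '%s' "$jvm" | cut -d. -f1) ;;
    esac
    java_major=${java_major%%[!0-9]*}      # "17-ea" -> "17"
    t_major=$(printf '%s' "$tomcat" | cut -d. -f1)
    t_minor=$(printf '%s' "$tomcat" | cut -d. -f2)
    t_patch=$(printf '%s' "$tomcat" | cut -d. -f3)

    # Refuse to guess when any field is missing or non-numeric.
    for field in "$java_major" "$t_major" "$t_minor" "$t_patch"; do
        case "$field" in
            ''|*[!0-9]*) echo "unparsed"; return 0 ;;
        esac
    done

    if [ "$t_major" -ne 7 ] || [ "$t_minor" -ne 0 ]; then
        echo "not-covered"        # the page only discusses Tomcat 7
    elif [ "$java_major" -eq 7 ]; then
        echo "ok"                 # JRE 7 with Tomcat 7 is one of the page's two fixes
    elif [ "$java_major" -ne 8 ]; then
        echo "not-covered"        # the page only discusses Java 7 and Java 8
    elif [ "$t_patch" -le 33 ]; then
        echo "affected"           # old ecj.jar causes compile issues on Java 8
    elif [ "$t_patch" -ge 50 ]; then
        echo "ok"                 # Tomcat 7.0.50 and later is the other fix
    else
        echo "unverified"         # 7.0.34 to 7.0.49: the page makes no statement
    fi
}

# Constructed sample in version.sh format (not captured from a real host).
SAMPLE='Server version: Apache Tomcat/7.0.33
Server number:  7.0.33.0
JVM Version:    1.8.0_202-b08'

printf '%s\n' "$SAMPLE" | check_tomcat_java    # prints: affected
```

On a Tomcat host, pipe the output of `bin/version.sh` into `check_tomcat_java` instead of the sample.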
Internet Explorer 8 and earlier does not support the Remedy SSO Admin Console interface
Open Remedy SSO by using Internet Explorer 9 or later, or use other browsers such as Chrome or Firefox.
Redirection loop when logging in through Remedy SSO
If Remedy SSO is configured for SAML authentication and the end user is accessing a BMC application for the first time, the end user might encounter a redirection loop error.
Complete the following steps until you resolve the error.
The maximum number of simultaneous logins is exceeded
If you are logging in to an application and the following error message is displayed, you have exceeded the number of simultaneous sessions (logins) that are allowed.
As a Remedy SSO administrator, increase the number of allowed sessions for end users in the Session Quota field. For more information, see Adding and configuring realms.
After end users are successfully authenticated by the identity provider (IdP), the login page appears again
The browser does not recognize the authentication cookie in the following scenarios: