×
 
 
  •  
$helper.renderConfluenceMacro('{bmc-global-announcement:$space.key}')
BMC Helix Single Sign-On 23.1 ... Administering Configuring the BMC Helix SSO agent

Automatically extending OAuth 2.0 user sessions by enabling refresh tokens

The BMC Helix Single Sign-On agent supports auto−refreshable tokens that enable infinite user sessions. Such user sessions remain active for a set timeout period. It helps an application to keep the working process active by receiving the new access token for a particular Client ID.

Configurations are made by the BMC Helix SSO SaaS administrator and tenant administrator in the BMC Helix SSO agent and on the server via the BMC Helix SSO Admin Console.


Related topics

BMC Helix SSO agent

Configuring OAuth 2.0

Conditions for automatically extending user sessions with a refresh token

To automatically generate the new access and refresh tokens, the following preconditions should be met:

  • BMC Helix SSO user session associated with access token is valid (active).
  • Access token is valid.
  • Access token is set to expire in 5 minutes.
  • openid (Scope used for OpenID connect) and online-refresh (Online refresh) access scopes are enabled in OAuth2.0 client. These scopes also should be added as parameters on the BMC Helix SSO agent side in rsso-agent.properties file (or on the Auth Proxy side).

Note

When a user logs in to the BMC Helix SSO for the first time with the enabled OpenID and online-refresh access scopes, BMC Helix SSO generates a pair of refresh and access tokens for a user session. BMC Helix SSO generates both access and refreshes tokens during the subsequent user sessions, but only the new access token is passed to the BMC Helix SSO agent.

To configure server via the BMC Helix SSO Admin Console

As a BMC Helix SSO SaaS administrator or a tenant administrator you can configure auto−refreshable tokens on the server via the BMC Helix SSO Admin Console. For this, perform the following steps:

  1. Navigate to the OAuth2 tab > Clients.
  2. In the Allowed Scopes section, select openid and online-refresh checkboxes.
  3. In the Token timeouts section, specify necessary values for the Access Token Timeout field.

For more information about token timeouts, see Configuring OAuth 2.0.

To configure the BMC Helix SSO agent 

For the BMC Helix SSO agent, make the configurations in the rsso-agent.properties file.

To receive auto−refreshable tokens, the oauth-scope key in the rsso-agent.properties file should contain openid and online-refresh values. By default, the oauth-scope key contains openid value.

  1. Open the rsso-agent.properties file and specify the following values separated by spaces: 

    oauth-scope=openid online-refresh
redis_uri=<redis_uri>
redis_password=<redis_pwd>

  2. Save your changes.

To configure the external Auth Proxy

To configure auto−refreshable tokens for the external Auth Proxy, add the following details in the Auth Proxy config file:

oidc_scope = "openid online-refresh"
redis_uri = "<redis_uri>"
redis_password = "<redis_pwd>"



Was this page helpful? Yes No Submitting... Thank you
Last modified by Priya Shetye on Jan 05, 2024
remedy_single_sign_on agent web_agent

Comments

Log in or register to comment.

Configuring the BMC Helix SSO agent to enable end users to change their passwords
Setting up end user authentication
© Copyright 2013 - 2023 BMC Software, Inc.
Legal notices

Powered by Atlassian Confluence and Scroll Viewport

© Copyright 2005-2024 BMC Software, Inc. Use of this site signifies your acceptance of BMC’s Terms of Use . BMC, the BMC logo, and other BMC marks are assets of BMC Software, Inc. These trademarks are registered and may be registered in the U.S. and in other countries.