Configuring infinite user sessions
Infinite sessions are user sessions that remain active for a set timeout period. It helps an application to keep the working process active by receiving the new access token for a particular Client ID. Such sessions can be configured for a particular user or a group of BMC Helix Single Sign-On users.
A BMC Helix SSO administrator can enable infinite sessions for users with Local, SAML 2.0, and OpenID Connect authentication types.
Configuring Local infinite sessions
As a BMC Helix Single Sign-On administrator, you can make infinite sessions available for a particular user.
- Log in to the BMC Helix SSO Admin Console.
- Navigate to the Local User.
- Click the Users tab.
- Select the Infinite session checkbox.
- Click Save.
Configuring SAML 2.0 infinite sessions
As a BMC Helix Single Sign-On administrator, you can define group of users who are eligible for infinite sessions. Once configured, such session will remain active for a user from the specific group for a set period of time. The names of a group should coincide with the group specified in the XPath. The option is available for the SAML Authentication type.
- Log in to the BMC Helix SSO Admin Console.
- Click the Realm tab.
- Select the SAML Authentication Type.
- Navigate to the SSO Settings section.
- In the XPath 1.0 for group retrieval field, specify the appropriate path. For example: //*[local-name()='AttributeStatement']/*[local-name()='Attribute'][@Name='Group']/*[local-name()='AttributeValue'].
- In the Infinite session group field, specify the name of the group.
- Click Save.
Configuring OpenID Connect infinite sessions
By specifying the name of the claim in the id_token which contains user's group and matching it with a value in the Infinite session group, BMC Helix Single Sign-On receives the name of a user for which the infinite session will be enabled.
- Log in to the BMC Helix SSO Admin Console.
- Click the Realm tab.
- Select the OIDC Authentication Type.
- Navigate to the SSO Settings section.
- In the Groups Claim Name field, specify the name of a claim in id_token that will be used for a group list extraction.
- In the Infinite session group field, specify the name of the group.
- Click Save.
Comments
Log in or register to comment.