Configuring infinite user sessions

Infinite sessions are user sessions that remain active for a set timeout period. It helps an application to keep the working process active by receiving the new access token for a particular Client ID. Such sessions can be configured for a particular user or a group of BMC Helix Single Sign-On users. 

A BMC Helix SSO administrator can enable infinite sessions for users with Local, SAML 2.0, and OpenID Connect authentication types.

Configuring Local infinite sessions

As a BMC Helix Single Sign-On administrator, you can make infinite sessions available for a particular user. 

  1. Log in to the BMC Helix SSO Admin Console.
  2. Navigate to the Local User.
  3. Click the Users tab.
  4. Select the Infinite session checkbox.
  5. Click Save.

Configuring SAML 2.0 infinite sessions 

As a BMC Helix Single Sign-On administrator, you can define group of users who are eligible for infinite sessions. Once configured, such session will remain active for a user from the specific group for a set period of time. The names of a group should coincide with the group specified in the XPath. The option is available for the SAML Authentication type.

  1. Click the Realm tab.
  2. Select the SAML Authentication Type.
  3. Navigate to the SSO Settings section.
  4. In the XPath 1.0 for group retrieval field, specify the appropriate path. For example: //*[local-name()='AttributeStatement']/*[local-name()='Attribute'][@Name='Group']/*[local-name()='AttributeValue'].
  5. In the Infinite session group field, specify the name of the group.
  6. Click Save.

Configuring OpenID Connect infinite sessions

By specifying the name of the claim in the id_token which contains user's group and matching it with a value in the Infinite session group, BMC Helix Single Sign-On receives the name of a user for which the infinite session will be enabled. 

  1. Click the Realm tab.
  2. Select the OIDC Authentication Type.
  3. Navigate to the SSO Settings section.
  4. In the Groups Claim Name field, specify the name of a claim in id_token that will be used for a group list extraction. 
  5. In the Infinite session group field, specify the name of the group.
  6. Click Save.
Was this page helpful? Yes No Submitting... Thank you