Skip to Content
Information
This documentation supports the 25.3 and consecutive patch versions of BMC Helix Single Sign-On. To view an earlier version, select the version from the Product version menu.

 

Enabling automatic renewal of access tokens within the session lifetime

This use case describes how the BMC Helix Single Sign-On flow enables automatic renewal of access tokens within the session lifetime. While users are actively engaged with the BMC Helix application, their access tokens are refreshed in the background, eliminating the need to re-enter credentials. This ensures an uninterrupted user experience.

Related topics

Key concepts

Getting started

Scenario

Centari is a university portal that uses BMC Helix SSO to manage access to its online examination portal. To establish uninterrupted access for students during exams, the administrator enables automatic token renewal. This feature enables students to seamlessly continue examination  without re-logging and losing provided answers and solutions.

Workflow

The following table describes the tasks to be performed in the process of enabling automatic renewal of tokens to extend user sessions:

TaskProduct componentRoleActionReference
1BMC Helix SSO serverBMC Helix SSO administrator

Configure auto−refreshable tokens on the server by using the Remedy SSO Admin Console.

Automatically refreshing access tokens by using the backend-for-frontend approach
2

BMC Helix SSO Agent or Auth Proxy (depending on the Redis service availability)

BMC Helix SSO administrator (BMC Helix SSO Agent) or the internal Ops team (Auth Proxy)

(BMC Helix SSO Agent) Set up the redis-uri, redis-password, and oauth-scope=openid online-refresh properties in the rsso-agent.properties file.

(Auth Proxy) Add the redis-uri, redis-password, and oidc_scope = "openid online-refresh" properties to the external.conf file that can be mounted into the AuthProxy container during the startup.

Note: The automatic renewal of tokens feature does not require the redis-channel to be set. Tokens are refreshed while the session is valid.

Configuring the BMC Helix SSO agent or Configuring Auth Proxy for deployment with BMC Helix SSO

Results

By using the feature, student Charlotte is able to stay continuously authenticated throughout her online examination session. This uninterrupted access allows Charlotte to focus entirely on solving exam questions without the disruption of session timeouts or the need to re-enter credentials. As a result, she can confidently complete her exam without losing progress or answers. The administrator no longer needs to manage re-authentication issues during critical exams, ensuring a smoother experience for students and greater operational efficiency for the university.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*

BMC Helix Single Sign-On 25.3