Implementing automatic renewal of access tokens within the session lifetime
Scenario
Centari is a university portal that uses BMC Helix SSO to manage access to its online examination portal. To establish uninterrupted access for students during exams, the administrator enables automatic token renewal. This feature enables students to seamlessly continue with their examination without re-logging and losing the completed answers and solutions.
Workflow
The following table describes the tasks involved in the process of enabling automatic renewal of tokens to extend user sessions:
| Task | Product component | Role | Action | Reference |
|---|---|---|---|---|
| 1 | BMC Helix SSO server | BMC Helix SSO administrator | Configure auto−refreshable tokens on the server by using the Remedy SSO Admin Console. | Automatically refreshing access tokens by using the backend-for-frontend approach |
| 2 | BMC Helix SSO agent or Auth Proxy (depending on the Redis service availability) | BMC Helix SSO administrator (for BMC Helix SSO agent) or the internal Ops team (for Auth Proxy) | (BMC Helix SSO agent) Set up the redis-uri, redis-password, and oauth-scope=openid online-refresh properties in the rsso-agent.properties file. (Auth Proxy) Add the redis-uri, redis-password, and oidc_scope = "openid online-refresh" properties to the external.conf file that can be mounted into the AuthProxy container during the startup. Note: The automatic renewal of tokens feature does not require the redis-channel to be set. Tokens are refreshed while the session is valid. | Configuring the BMC Helix SSO agent or Configuring Auth Proxy for deployment with BMC Helix SSO |
Results
By using the feature, student Charlotte is able to stay continuously authenticated throughout her online examination session. This uninterrupted access allows Charlotte to focus entirely on solving exam questions without the disruption of session timeouts or the need to re-enter credentials. As a result, she can confidently complete her exam without losing progress or answers. The administrator no longer needs to manage re-authentication issues during critical exams, ensuring a smoother experience for students and greater operational efficiency for the university.