This documentation supports the 21.3 version of BMC Helix Single Sign-On.To view an earlier version, select the version from the Product version menu.

Configuring infinite user sessions

Infinite sessions are user sessions that remain active for a set timeout period. It helps an application to keep the working process active by receiving the new access token for a particular Client ID. Such sessions can be configured for a particular user or a group of BMC Helix Single Sign-On users. A BMC Helix SSO administrator can enable infinite sessions for users with Local, SAML 2.0, and OpenID Connect authentication types.


Related topics

Configuring-the-BMC-Helix-SSO-server

Managing-local-users-and-passwords

SAML-2-0-authentication

OpenID Connect authentication

Configuring Local infinite sessions

As a BMC Helix Single Sign-On administrator, you can make infinite sessions available for a particular user. 

  1. Log in to the BMC Helix SSO Admin Console.
  2. Navigate to the Local User.
  3. Click the Users tab.
  4. Select the Infinite session checkbox.
  5. Click Save.


Configuring SAML 2.0 infinite sessions

As a BMC Helix Single Sign-On administrator, you can define group of users who are eligible for infinite sessions. Once configured, such session will remain active for a user from the specific group for a set period of time. The names of a group should coincide with the group specified in the XPath. The option is available for the SAML authentication type.

  1. Log in to the BMC Helix SSO Admin Console.
  2. Click the Realm tab.
  3. Select the SAML Authentication Type.
  4. Navigate to the RSSO Settings section.
  5. In the XPath 1.0 for group retrieval field, specify the appropriate path. For example: //*[local-name()='AttributeStatement']/*[local-name()='Attribute'][@Name='Group']/*[local-name()='AttributeValue'].
  6. In the Infinite session group field, specify the name of the group.
  7. Click Save.


Configuring OpenID Connect infinite sessions

By specifying the name of the claim in the id_token which contains user's group and matching it with a value in the Infinite session group, BMC Helix Single Sign-On receives the name of a user for which the infinite session will be enabled. 

  1. Log in to the BMC Helix SSO Admin Console.
  2. Click the Realm tab.
  3. Select the OIDC Authentication Type.
  4. Navigate to the RSSO Settings section.
  5. In the Groups Claim Name field, specify the name of a claim in id_token that will be used for a group list extraction. 
  6. In the Infinite session group field, specify the name of the group.
  7. Click Save.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*