Support Article
SSO user Timeout Countdown and proper SSO Logoff
SA-18813
Summary
When a user logs off PRPC with SSO, they are brought back into PRPC before the pxSessionTimer control can display the countdown timer and log the user off.
Error Messages
Not Applicable.
Steps to Reproduce
Not Applicable.
Root Cause
How to Question.
Resolution
For a session timer with a countdown window on PRPC 7.1.6/7, follow this PDN article:
https://pdn.pega.com/support-articles/pxsessiontimer-logoff-timer-does-not-display-countdown-window
PRPC v 7.1.8 and above may omit steps 3 and 4.
The logoff action may take users directly back into PRPC. This is caused by a Meta Redirect in the Web-Session-Return rule. Without SSO, the redirect simply takes the user back to the PRPC login screen. With SSO, it triggers the Data-Admin-AuthService login activity to run again, and if the user is still logged into the third-party SSO application, authentication succeeds and the user is taken back into PRPC.
To resolve this, remove or modify the Meta Redirect in the Web-Session-Return HTML rule. This requires a custom AccessGroup and RuleSet specified in the system's Data-Admin-Requestor Browser instance, because the user is unauthenticated when Web-Session-Return runs.
1) Copy the Web-Session-Return rule into the Ruleset available to unauthenticated users.
2) Remove the Meta Redirect to remain on the logoff screen, or modify the redirect to call the third-party SSO logoff URL.
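A check for the result of step 2, added here as an example (not Pega code and not part of the original article): it inspects the HTML returned by the logoff screen for a Meta Redirect and reports where it leads. The host names, URLs and sample markup are constructed assumptions, not the contents of the actual Web-Session-Return rule.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class _MetaRefreshFinder(HTMLParser):
    """Collects the content attribute of every <meta http-equiv="refresh">."""
    def __init__(self):
        super().__init__()
        self.contents = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").strip().lower() == "refresh":
            self.contents.append(a.get("content", ""))

def refresh_target(content, page_url):
    """Resolve a refresh value such as '0; url=/x' to an absolute URL."""
    _, _, rest = content.partition(";")
    m = re.match(r"\s*url\s*=\s*(.*)", rest, re.I | re.S)
    target = (m.group(1) if m else rest).strip().strip("'\"")
    return urljoin(page_url, target)  # an empty target reloads the page itself

def classify_logoff_page(html, page_url, sso_logoff_url):
    """Say what the browser does after the logoff screen has loaded."""
    finder = _MetaRefreshFinder()
    finder.feed(html)
    if not finder.contents:
        return "stays-on-logoff-screen"
    t = urlsplit(refresh_target(finder.contents[0], page_url))
    s = urlsplit(sso_logoff_url)
    if (t.scheme, t.netloc, t.path) == (s.scheme, s.netloc, s.path):
        return "redirects-to-sso-logoff"
    if t.netloc == urlsplit(page_url).netloc:
        # Same host: with a live SSO session this re-authenticates the user.
        return "redirects-back-into-application"
    return "redirects-elsewhere"

# Constructed sample values (assumptions, not taken from a real system).
PAGE_URL = "https://pega.example.com/prweb/PRServlet"
SSO_LOGOFF_URL = "https://idp.example.com/logout"
BEFORE = '<html><head><meta http-equiv="refresh" content="0; url=/prweb/PRServlet"></head></html>'
REMOVED = "<html><head><title>Logged off</title></head></html>"
TO_SSO = '<html><head><meta http-equiv="Refresh" content="0; URL=https://idp.example.com/logout"/></head></html>'

if __name__ == "__main__":
    for name, html in (("before", BEFORE), ("removed", REMOVED), ("to_sso", TO_SSO)):
        print(name, "->", classify_logoff_page(html, PAGE_URL, SSO_LOGOFF_URL))
```

Run it against the saved response of the logoff request after changing the rule; a result of "redirects-back-into-application" means the unauthenticated requestor is still picking up the original rule.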
Published January 31, 2016 - Updated October 8, 2020