Support Article
SSO reauthenication is not working after session timing out
SA-6357
Summary
Using PRPC 5.4SP2 and Siteminder to provide Single Sign On (SSO) authentication. The security requirement is to log users off the application after 30 minutes of idle time, there should be no warnings or ways to restore session. How can we do this in PRPC 5.4SP2?
Error Messages
NA
Steps to Reproduce
NA
Root Cause
When using PRPC 5.4SP2 and older style "User" portals there are timeout configuration options on the custom tab. This will be default provide a way to warn the user a timeout is about to occur and also provide a way for the user to extend thier session if acknowledged.
The requirements dictated that the user should be automatically logged off. To accomplish this the timeout logic needs to be customized. In older style user portals this requires a custom "frameset" html rule and the inclusion of the following scripting:
<script>
function framesetscript_restartTimeoutWarningTimer()
{
if (window.gTimeoutTime && gTimeoutTime > 0) {
var nTimeoutWarningTime= gTimeoutTime * 60000;
clearTimeout(gTimeoutWarningCountdown);
if (nTimeoutWarningTime >= 0) {
if (DesktopUserSessionInfo_gRedirectOnTimeout) {
gTimeoutWarningCountdown = self.setTimeout("framesetscript_showTimeoutLogoffDialog('"+gTimeoutWarningWindow+"')",nTimeoutWarningTime);
}
else {
gTimeoutWarningCountdown= self.setTimeout("framesetscript_showTimeoutWarningLogoff()", nTimeoutWarningTime);
}
}
}
}
function framesetscript_showTimeoutWarningLogoff()
{
application.logOff(true);
}
</script>
The function framesetscript_restartTimeoutWarningTimer is originally defined in framesetscript.js and gets overriden in the custom frameset. The only change here is the call to framesetsrcipt_showTimeoutWarningLogoff and that function simply calls application.logOff.
Resolution
This issue is resolved through a local change. This can be tricky with PRPC 5.4SP2 and older User style portals. Please consider upgrading to the latest version of PRPC where portals are harness based and pxSessionTimer section can be used to properly accomidate such requirements.
Published January 31, 2016 - Updated October 8, 2020
Have a question? Get answers now.
Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.