I am using the SSO login for the users to login to the application. My requirement is to logoff the user after a particular idle time (for example 30 mins). I am using the authentication timeout field in the advanced tab of the access group, but the logoff session is not working. The help says the following
Access Group timeouts, also called authentication timeouts, are established in the Settings tab of the access group form. This setting applies only to interactive (browser-based) users. The system may challenge users who have not sent input to the server during a period, forcing them to reenter an Operator ID and password.
But it is not asking the users for their SSO login. Please Advice
I am sure that timeout is happening in Pega. You can see in the URL that after timeout Pega must be sending the request to IDP for authentication. Just because IDP session is not timeout it is logging again. What you can do it, check force authentication checkbox in advance setting in SAML SSO Rule form. It should work as expected. Force authentication will let IDP know that the session is timed out from the application.
If you use access group authentication time out in case of SSO or LDAP,
The behavior will be like after the specified time, the time out will happen and log off will happen in backend but you will not get redirected to the login page. But when you click on some thing on the screen like link or button, you can see the login page. This is known behavior.
You can think of using pxSessionTimer for log off which will log off the user completely and will show the login page.