Question

3
Replies
5746
Views
 Kiran V (kiran.v@intel)
Intel

Intel
IN
kiran.v@intel Member since 2017 19 posts
Intel
Posted: January 11, 2018
Last activity: January 11, 2018
Posted: 11 Jan 2018 1:42 EST
Last activity: 11 Jan 2018 5:27 EST
Closed

Requestor Session Timeout for SSO

Hi,

We are trying to implement requestor session timeout. This is not for default /prweb. We have SSO based authentication which is something like /prweb/PegaSSO.
We have added <env name="timeout/browser" value="60"/> in our prconfig.xml. I believe the value is in seconds. But we dont see the session cleaned up after 60 seconds.
I did read some articles on adding session timeout in Access Group. This is something we haven't tried.
Any thoughts and suggestions will be helpful.

***Updated by moderator: Lochan to add Categories***

Data Integration
Moderation Team has archived post, This thread is closed to future replies. Content and links will no longer be updated. If you have the same/similar Question, please write a new Question.
Posted: 3 years ago
Posted: 11 Jan 2018 2:21 EST
Mohammad Asif Hasan (Asif Hasan)
PEGA
Senior Technical Solutions Engineer
Pegasystems Inc.
IN

Hi Kiran,

Thanks for posting on PSC,

Enter a number of seconds after which the system challenges idle browser sessions (for users of this access group), asking users to re-enter their Operator ID and password. This timeout event does not cause session context or clipboard contents to be lost.

If users respond to the challenge and are re-authenticated, they can usually continue processing where they left off, unless the system released locks they held in the meantime, or the system was stopped and restarted.

This setting is also taken into account in a mobile app that is either online or offline. When the timeout value is reached, the user is automatically logged out when they perform any action. They are brought back to the login screen.

Note: This authentication timeout is not related to the timeout/browser value in the prconfig.xml file or Dynamic System Settings, which controls when passivation occurs.

Refer it:-https://pdn.pega.com/sites/pdn.pega.com/files/help_v721/procomhelpmain.htm#data-/data-admin-/data-admin-operator-/data-admin-operator-accessgroup/settings.htm&#13;

Kindly notify if it helps you in implementing your business requirement, by marking this post as answered.

Regards,
Asif
Posted: 3 years ago
Posted: 11 Jan 2018 5:27 EST
Arun Kumar Mahanty (Arun_Mahanty)
PEGA
Principal Technical Solutions Engineer
Pegasystems Inc.
IN

Access Group timeouts, also called authentication timeouts, are established in the Settings tab of the access group form. This setting applies only to interactive (browser-based) users. The system may challenge users who have not sent input to the server during a period, forcing them to re-enter an Operator ID and password.


If you want custom authentication you can use of pxSessionTimer section .


For more information go through below article


https://pdn.pega.com/sites/pdn.pega.com/files/help_v719/procomhelpmain.htm#definitions/t/timeouts.htm


Thanks,


Arun