Posted: 22 Feb 2021 0:58 EST Last activity: 1 Mar 2021 19:20 EST
Single Sign-On: keeping the user session alive while the user is actively using another non-Pega application
I am trying to address the scenario below.
Our application (App A, built on Pega) is launched from a different application (App B, which is non-Pega and basically just has a link to launch App A). Both apps use the IDP for authentication.
App B hosts multiple applications like App A, so a user basically logs into App B (authentication done using the IDP) and then launches App A by clicking a link. App A checks with the IDP for a valid session, gets the assertion, updates the user's basic info and access group on the Operator record, and launches the portal.
There is a 15-minute session timeout in the IDP unless the user is active in any of the applications launched from that session, so each application is expected to send the IDP a keep-alive request every few minutes (let's assume 10 minutes). If the IDP doesn't get any request from any application, it kills the user's session and sends a notification to all the applications launched from that session to log out the user.
So far we have done the following:
1. Implemented SSO using the SAMAUTH Auth service.
2. Configured the same 15-minute session timeout by customizing the pxSessionTimer section, alerting the user at 10 minutes that the session will time out in 5 minutes if no action is taken; there is an OK button, and if the user clicks it the Pega session is extended.
3. If the user doesn't extend the session, LogOff triggers; we have implemented SLO, so the user logs off from Pega and a request is also sent to the IDP, which in turn sends the logout request to all the applications.
What I need help with is:
1. The IDP has a URL to keep the session alive, so we need to call that URL periodically, but the user should be able to keep working without any interruptions or redirections. Does Pega have any OOB feature that I am missing which could make this asynchronous call?
2. How do we listen for the IDP's keep-alive request when the user is active in other applications?
In the IDP's Service Provider settings we need to provide a link, which the IDP calls with the user's session ID appended; it doesn't expect any response.
Does Pega have any OOB feature for this, or does anyone have a suggestion on how to implement it?
We are using PRPC 7.4 with the OOB SAMAUTH, SAML 2.0, and Infinity IDP.
@Kamalesh_mohanty No, I am still trying to find the best solution for this requirement.
Basically, I need to provide a service which the IDP keeps calling with the session info, and then I need to extend the Pega user session with the same session ID. This way, even if the user is not active in the Pega application, the single sign-on session continues and is extended.
Can you please let me know if you have any specific questions or thoughts on this?