Gopi Bala Nageswara Rao Pentakota (P.G.B.N.Rao)
Assistant Consultant
Posted: February 22, 2021
Last activity: March 1, 2021

Single Sign On - Keeping the user session alive while the user is actively using another non-Pega application


I am trying to address the scenario below.

Our application (App A, built on Pega) is launched from a different application (App B, which is non-Pega and basically has a link to launch App A). Both apps use the IDP for authentication.

App B hosts multiple applications like App A, so a user basically logs into App B (authentication done using the IDP) and then launches App A by clicking on a link. App A checks with the IDP for a valid session, gets the assertion, updates the user's basic info and access group on the Operator record, and launches the portal.

There is a 15 min session timeout in the IDP unless the user is active in any of the applications launched from that session, so the application is expected to send the IDP a keep-alive request every few mins (let's assume 10 mins). If the IDP doesn't get any request from any application, it kills the user session and sends a notification to all the applications launched from that session to log out the user.

Now we have done the below:

1. Implemented SSO using the SAMAUTH Auth service.

2. Configured the same 15 min session timeout by customizing the pxSessionTimer section, alerting the user at 10 mins that the session will time out in 5 mins if no action is taken; there is an OK button, and if the user clicks it the Pega session gets extended.

3. If the user doesn't extend the session, then LogOff triggers. We have implemented SLO, so the user logs off from Pega, and a request is also sent to the IDP, which further sends the logout request to all the applications.


What I need help with is:

1. The IDP has a URL to keep the session alive, so we need to call that URL periodically, but the user should be able to work without any interruptions or redirections. Does Pega have any OOB feature that I am missing which could make this asynchronous call?

2. How do we listen for the IDP request to keep the session alive when the user is active in other applications?

In the IDP's Service Provider settings we need to provide a link, which is called by the IDP with the user session id appended, and it doesn't expect any response.

Does Pega have any OOB feature, or any suggestion on how to implement this?

We are using PRPC 7.4, OOB SAMAUTH, SAML 2.0 and Infinity IDP.


Appreciate your thoughts and suggestions.

Tags: Pega Platform 7.4, Security, Financial Services, Lead System Architect
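The two mechanisms the post asks about, modelled as an added example that is not code from the post, from Pega, or from any IDP product. The keep-alive URL, the session-id format and the `sessions` store are hypothetical; the 15 min idle limit and 10 min ping cadence are the numbers given in the post. The point a practitioner should take from it is the activity gate: a keep-alive that fires on a bare timer defeats the IDP's idle timeout, so the ping is sent only while real user input has been seen, and a failed or redirected ping is treated as "session lost" rather than ignored. The server-side handler is sketched in the same language to keep the block self-contained; in Pega it would live in a service rule.

```javascript
// Added example, not code from the original post. Hypothetical names and URLs.
//  1. Browser-side keep-alive that pings the IDP only while the user is active,
//     so an idle user still times out after the IDP's 15 minutes.
//  2. Server-side handler for the IDP's keep-alive notification, which carries
//     the session id and expects no response body.

const ONE_MINUTE_MS = 60 * 1000;
const IDLE_LIMIT_MS = 15 * ONE_MINUTE_MS;     // IDP idle timeout (from the post)
const PING_INTERVAL_MS = 10 * ONE_MINUTE_MS;  // keep-alive cadence (from the post)

// fetchFn and now are injected so the logic runs without a browser or a real IDP.
function createKeepAlive({ keepAliveUrl, fetchFn, now, onSessionLost,
                           idleLimitMs = IDLE_LIMIT_MS, pingIntervalMs = PING_INTERVAL_MS }) {
  let lastActivity = now();
  let lastPing = now();
  let pingsSent = 0;

  return {
    // Wire this to real user events only; the timer tick below must never
    // count as activity, or the session would never expire.
    recordActivity() { lastActivity = now(); },

    // Run from setInterval. Returns the decision so callers can log or test it.
    tick() {
      const t = now();
      if (t - lastActivity >= idleLimitMs) return 'idle';      // let the IDP expire it
      if (t - lastPing < pingIntervalMs) return 'not-due';
      lastPing = t;
      pingsSent += 1;
      // credentials:'include' sends the IDP session cookie; redirect:'manual'
      // stops a login redirect from silently answering with an HTML page.
      fetchFn(keepAliveUrl, { method: 'GET', credentials: 'include',
                              redirect: 'manual', cache: 'no-store' })
        .then((res) => { if (!res.ok) onSessionLost(res.status); })
        .catch((err) => onSessionLost(err));
      return 'pinged';
    },

    pingCount() { return pingsSent; },

    // Attach to a window-like object: activity listeners plus the periodic tick.
    attach(win, tickEveryMs = ONE_MINUTE_MS) {
      for (const ev of ['click', 'keydown', 'mousemove', 'scroll']) {
        win.addEventListener(ev, this.recordActivity, { passive: true });
      }
      return win.setInterval(() => this.tick(), tickEveryMs);
    },
  };
}

// The IDP calls the registered link with the session id appended. Extend the
// matching local session's expiry and return nothing to the IDP.
// `sessions` maps IDP session id -> { expiresAt }. The id format is an assumption.
function handleIdpKeepAlive(sessions, sessionId, now, idleLimitMs = IDLE_LIMIT_MS) {
  if (typeof sessionId !== 'string' || !/^[A-Za-z0-9_-]{16,128}$/.test(sessionId)) {
    return 'rejected';            // malformed id: log and ignore, never create state
  }
  const s = sessions.get(sessionId);
  if (!s) return 'unknown';       // not one of ours, or already logged out
  s.expiresAt = now() + idleLimitMs;
  return 'extended';
}
```

In a real deployment the keep-alive endpoint should also be reachable cross-origin (CORS with credentials, or same-site via a reverse proxy) or the browser will silently drop the cookie, and the notification endpoint should authenticate the caller (for example an allow-listed IDP address or a shared secret header) before extending anything; both are deployment details the post does not settle.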