Versions Compared

Version Old Version 4 New Version Current
Changes made by

Gregory Bobst (Unlicensed)

Andreas Marinello

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Introduction

This article describes how you can configure provides detailed instructions on how to configure logout timeouts in the CoreOne Suite to manage when a User will get loged off for every client or for the whole CoreOne Suite.

Table of Contents

Tokens

It is possible to configure the lifetimes . It explains the available options, how to adjust the timeout settings, and the implications for user sessions and security.

Table of Contents
Info

On this page, you will find more information about the lifetime of tokens and details about the clients. It covers how token lifetimes are managed and how they can be configured for specific clients. Client

Tokens

When authenticating to any application, the various lifetime settings in the client configuration will affect the user experience. You can configure the lifetime of any token for any client in the Web-GUI. For thatCoreOne Admin User Interface. To do this, navigate to the following page in the CoreOne Suite Admin User Interface:

SSO → Application → CoreOne Suite → Choose any client that you want to configure (Pencil-button on the right side of the client).

You can configure the lifetime of following 4 types of tokens:

Identity-token:

The identity token is used, that the CoreOne Suite knows that the user is authenticated. You will get this token after you started a session.

Access token:

The access token is used for getting access to the client of an specific user. You will get this token after the login to the CoreOne Suite.

Authorizationcode token:

??

Sliding refresh token:

This is used to refresh you’re identity and access token when they expire. So you can stay logged in, because you will get new tokens.

Image Removed

Logout while inactive

We’re able to set a specific time when the user should get logged off while he was inactive. Inactive means, that the user won’t execute any process in the CoreOne Suite in a period of time. You can set this parameter in the following .For more information about tokens and their lifetimes, please visit: Token

Inactivity Logout - Admin UI

If the user remains inactive (i.e., no requests are made) for a specified period, the application will log the user out. This timeout duration can be configured during installation or later in the .json file: FrotendWeb_ApplicationConfiguration.jsonThis file is in the following path: found at C:\ProgrammData\itsense\Configuration\FrotendWeb_ApplicationConfiguration.json

...

SSO Cockie

We can set the Time-out lenght of the session cockie from the “Authentication Service“. This is configured in the IIS (Internet Information Services).

To set the time for the time-out, navigate to following page in the IIS: Sites → CoreOne Authentication Service → Session State

On the bottom of this page you will see the the configuration for the Time-out (in minutes). Here you can set the time, how long the SSO cockie should be valid.

...

The setting is named InactivityLogoutTimespanInMinutes and you see an example on line 4:

Code Block
{
  "AutoRefreshToken": true,
  "EnableInactivityLogout": true,
  "InactivityLogoutTimespanInMinutes": 30,
  "CommunicationCertificateSubject": "Default.Communication.CoreOne.ITSENSE.local",
  "LoginAuthority": "https://coslogin.local:5000/",
  "BackendServiceHostname": "localhost",
  "UseDevelopmentDirectViewLoadingEngine": true,
  "UseOpenTelemetry": false,
  "OpenTelemetryCollectorEndpoint": "https://otlp-gateway-prod-eu-west-2.grafana.net/otlp/v1/traces",
  "OpenTelemetryCollectorMetricsEndpoint": "https://otlp-gateway-prod-eu-west-2.grafana.net/otlp/v1/metrics",
  "OpenTelemetryCollectorHeaders": "Authorization=Basic NjkyODA0OmV5SnJJam9pWX...FpT2prd01EUTVPSDA9",
  "OpenTelemetryCollectorProtocol": "HttpProtobuf"
}

Please be aware to recycle all Admin IIS Pools in order for this change to take effect.

SSO Session Cookie - IdP Setting

The duration for which the IdP's session cookie is retained can be configured within the CoreOne Admin User Interface.

Navigate to Single Sign-On (SSO) → Settings

These settings are of interest:

  • LoginCookieExpiration in seconds
    Specifies how long a session cookie is retained. See Setting 13 in Settings

  • LoginCookieExpiration is sliding
    This is a boolean value that determines whether the login cookie should follow a sliding expiration period and therefore be extended with new requests. See Setting 14 in Settings

  • EnableRememberMe
    Decide whether to show the 'Remember Me' button on the authentication page. See Setting 11 in Settings

  • RememberMeDuration in seconds
    The lifetime of the remember me cookie in seconds. See Setting 12 in Settings

IIS Cookie Setting

In the IIS Manager navigate to: Sites → CoreOne Authentication Service / CoreOne Web Service / CoreOne Self-Service → Session State → Cookie Settings

It is advised to set this setting according to LoginCookieExpiration in seconds

...