Introduction

This article describes how you can configure the CoreOne Suite to manage when a User will get loged off for every client or for the whole CoreOne Suite.

Tokens

It is possible to configure the lifetimes of any token for any client in the Web-GUI. For that, navigate to following page in the CoreOne Suite: SSO → Application → CoreOne Suite → Choose any client that you want to configure (Pencil-button on the right side of the client).

You can configure the lifetime of following 4 types of tokens:

Identity-token:

The identity token is used, that the CoreOne Suite knows that the user is authenticated. You will get this token after you started a session.

Access token:

The access token is used for getting access to the client of an specific user. You will get this token after the login to the CoreOne Suite.

Authorizationcode token:

??

Sliding refresh token:

This is used to refresh you’re identity and access token when they expire. So you can stay logged in, because you will get new tokens.

Logout while inactive

We’re able to set a specific time when the user should get logged off while he was inactive. Inactive means, that the user won’t execute any process in the CoreOne Suite in a period of time. You can set this parameter in the following .json file: FrotendWeb_ApplicationConfiguration.json

This file is in the following path: C:\ProgrammData\itsense\Configuration\FrotendWeb_ApplicationConfiguration.json

SSO Cockie

We can set the Time-out lenght of the session cockie from the “Authentication Service“. This is configured in the IIS (Internet Information Services).

To set the time for the time-out, navigate to following page in the IIS: Sites → CoreOne Authentication Service → Session State

On the bottom of this page you will see the the configuration for the Time-out (in minutes). Here you can set the time, how long the SSO cockie should be valid.