How-to configure logout timeouts

Owned by Gregory Bobst
Last updated: 22. Nov 2024 by Andreas Marinello
2 min read

Introduction

This article provides detailed instructions on how to configure logout timeouts in the CoreOne Suite. It explains the available options, how to adjust the timeout settings, and the implications for user sessions and security.

On this page, you will find more information about the lifetime of tokens and details about the clients. It covers how token lifetimes are managed and how they can be configured for specific clients. Client

Tokens

When authenticating to any application, the various lifetime settings in the client configuration will affect the user experience. You can configure the lifetime of any token for any client in the CoreOne Admin User Interface. To do this, navigate to the following page in the CoreOne Suite Admin User Interface:

SSO → Application → CoreOne Suite → Choose any client that you want to configure (Pencil-button on the right side of the client).

For more information about tokens and their lifetimes, please visit: Token

Inactivity Logout - Admin UI

If the user remains inactive (i.e., no requests are made) for a specified period, the application will log the user out. This timeout duration can be configured during installation or later in the .json file: FrotendWeb_ApplicationConfiguration.json found at C:\ProgrammData\itsense\Configuration\

The setting is named InactivityLogoutTimespanInMinutes and you see an example on line 4:

{ "AutoRefreshToken": true, "EnableInactivityLogout": true, "InactivityLogoutTimespanInMinutes": 30, "CommunicationCertificateSubject": "Default.Communication.CoreOne.ITSENSE.local", "LoginAuthority": "https://coslogin.local:5000/", "BackendServiceHostname": "localhost", "UseDevelopmentDirectViewLoadingEngine": true, "UseOpenTelemetry": false, "OpenTelemetryCollectorEndpoint": "https://otlp-gateway-prod-eu-west-2.grafana.net/otlp/v1/traces", "OpenTelemetryCollectorMetricsEndpoint": "https://otlp-gateway-prod-eu-west-2.grafana.net/otlp/v1/metrics", "OpenTelemetryCollectorHeaders": "Authorization=Basic NjkyODA0OmV5SnJJam9pWX...FpT2prd01EUTVPSDA9", "OpenTelemetryCollectorProtocol": "HttpProtobuf" }

Please be aware to recycle all Admin IIS Pools in order for this change to take effect.

SSO Session Cookie - IdP Setting

The duration for which the IdP's session cookie is retained can be configured within the CoreOne Admin User Interface.

Navigate to Single Sign-On (SSO) → Settings

These settings are of interest:

  • LoginCookieExpiration in seconds
    Specifies how long a session cookie is retained. See Setting 13 in Settings

  • LoginCookieExpiration is sliding
    This is a boolean value that determines whether the login cookie should follow a sliding expiration period and therefore be extended with new requests. See Setting 14 in Settings

  • EnableRememberMe
    Decide whether to show the 'Remember Me' button on the authentication page. See Setting 11 in Settings

  • RememberMeDuration in seconds
    The lifetime of the remember me cookie in seconds. See Setting 12 in Settings

IIS Cookie Setting

In the IIS Manager navigate to: Sites → CoreOne Authentication Service / CoreOne Web Service / CoreOne Self-Service → Session State → Cookie Settings

It is advised to set this setting according to LoginCookieExpiration in seconds

 

© ITSENSE AG. Alle Rechte vorbehalten. ITSENSE und CoreOne sind eingetragene Marken der ITSENSE AG.