Project and Portfolio Management Practitioners Forum
cancel
Showing results for 
Search instead for 
Did you mean: 

generic SSO sessions don't close?

Highlighted
erik_c
Regular Collector

generic SSO sessions don't close?

We're testing generic single sign-on and I'm finding that users can't really log out except by closing their browser, and the sessions (as shown in the work bench server logon report) don't close until they timeout. Has anyone else seen this? We don't want this to become a memory or performance issue when the user base increases.

7 REPLIES
erik_c
Regular Collector

Re: generic SSO sessions don't close?

So...has anyone implemented SSO?

dirkf
Honored Contributor

Re: generic SSO sessions don't close?

oseHi Eric,

 

for PPM the session timeout parameter is per default set to 120 minuttes.. If you need a certain timeout value to be set, then use the parameter

KINTANA_SESSION_TIMEOUT

Time set to elapse before the PPM Server terminates a user session (in the PPM Workbench or standard interface) because of inactivity. A value of 0 denotes no timeout. Valid values are between 10 and 720 minutes.

 

Ensure that single sign-on timeout is consistent with PPM timeout parameters. If single sign-on timeout is significantly shorter than PPM timeout, an error may occur.

 

Refer to Appendix A of the System Administrator Guide and Reference for the list of PPM timeout parameters.

Best regards,

Dirk

Nick Bucher
Super Collector

Re: generic SSO sessions don't close?

Hi Erik,
we are running single sign on with HP PPM over an IIS server and it works fine.
It is a lot more userfriendly when the user don't have to think about login / logout a webserver.

At the beginning the SSO configuration not worked for some users... They had a "packet size" error.
After increasing the packet size in the IIS and in the tomcat server.xml file it worked correct.

Because some users complained that the default session timeout (120min) is not enough to fill out the timesheet
we doubled this parameter:
com.kintana.core.server.KINTANA_SESSION_TIMEOUT=240

A side effect of this change was that we reached the pool size of the database sessions.
So, we increased this parameter too:
com.kintana.core.server.MAX_DB_CONNECTIONS=150

We noticed that a lot of sessions staying open the whole four hours, but the system is not to busy and runs well.
regards, Nick

erik_c
Regular Collector

Re: generic SSO sessions don't close?

Thanks for the input. I'll keep watching the connections & memory as we roll out to more users, it may not end up being an issue. But it would be nice to be able to configure a redirect to the SSO server's logout page instead of users just getting a "error-looking" message telling them to close their browser.

Jamie Pick
Regular Collector

Re: generic SSO sessions don't close?

In our implementation of SSO, we hid the 'Sign-Out' button so that they wouldn't see the message you're referring to. They close the browser and they're logged out.

 

Thanks,

 

Jamie

aj_f_Uj
Acclaimed Contributor

Re: generic SSO sessions don't close?

Hey Eric, What steps did you follow to configure Generic SSO? What did you put in SSO.conf and server.conf ? Any other configuration needed. I am trying to finish this in next 4 days..So appreciate faster response..
Erik Cole
Honored Contributor

Re: generic SSO sessions don't close?

From the PPM side we just followed the instructions in the guide.

 

Server.conf contains:

 

com.kintana.core.server.SINGLE_SIGN_ON_PLUGIN=com.kintana.sc.security.auth.GenericSingleSignOn



And sso.conf:

 

# sso.conf

###################
# Global Settings #
###################
USERNAME=X-REMOTE_USER

//Add this to "OnDomLoad" event