LOGOUT from a vision client session

When I launch a vision client Launcher and open and login to one of the projects, I remain logged in even after closing or Logging out of the client application that opens the browser! When I relaunch the client it says your are successfully logged in ! I am trying to login as a different user next time, but it doesn’t display the login screen, it just says your are successfully logged in! (This is with IDP mode of authentication not classic). Is it maintaining the client session ON! (The server and client are on same machine, localhost). How long the client session remains ON? Gateway time out setting in config section is for Gateway login , not for client session I guess? Where to change the client session expiry setting? Not very Intuitive!

Ignition version?

8.1.11

Every time you open a vision client, a new session is created in Vision. In your case, the IdP authentication strategy is set, which displays a splash screen with a button to log into the IdP. When you click the button, your system’s default web browser is opened and navigated to the IdP for authentication. Once you authenticate at the IdP, it redirects you back to the Gateway, which links the authentication response with your new Vision session.

If your web browser already has an authenticated session with the IdP, you will not be required to login. This is how IdP authentication works in general (SSO in the web). This functionality assumes a single user per device. It improves security and usability by reducing the number of times you have to re-enter your credentials for every app you log into. If you have a shared device, this is not desired. In this case, you can Always ask the IdP to re-authenticate users by default in Designer > Project Menu > Properties > General, which will make the Gateway ask the IdP to re-verify the user’s credentials by default for every IdP request which comes from the project. If you’re using Ignition’s internal IdP, you can also reduce the session timeout to as low of a value as possible.

There are also some good safeguards brought up in this post: [BUG] Perspective auto logout fails to actually log out of IdP - #6 by nicholas.robinson - on shared workstation web browsers, you can disable (1) the ability to allow users to store credentials, (2) the ability to allow users to automatically sign into web sites, and (3) disable storage of cookies. While this post was more geared towards a Perspective project, this would also apply to Vision as well, since the system’s default web browser is used for IdP authentication.

4 Likes

this solves my problem for now. I will look into session time out option in " Ignition Identity Provider" and perspective sessions later.

Thanks a lot.

1 Like