It appears that when the Automatic Inactivity Detection logs out a user, hitting the "Login" button (which uses the Login action) will log the previous user straight back in again without the need to re-enter username/password. However, if a user hits the "Logout" button (using the Logout action) then the next user is required to authenticate when logging in.
Is this differing behaviour intentional? Is there another setting that I'm missing that will force a reauthentication on an automatic inactivity logout?
Thanks in advance.
You might need to mention OS, browser and which identity provider you're using.
Tested on Windows 10 using Chrome and Ignition Workstation. Also tested on Windows Server 2016 with Ignition Workstation. Using a Windows Domain IDP.
On the login action there should be an option for 'Ask IDP to re-authenticate users'.
You can set this to be disabled, follow project settings, or enabled. If it set for project settings, make sure 'Always ask the ID to re-authenticate users' is enabled in the general project settings, or you can set it to enabled for that specific button.
This should force the session to ask for new credentials. If this is already enabled and the session is not requiring new credentials when logged out for inactivity, it may be a bug.
Thanks Ryan, that look's to have fixed the issue.
I'm still a little unclear on the subtleties of why the two logout methods give different results without forcing reauthentication? Seems like a trap that could be fallen into in future.