Pega Platform behaviour when Concurrent session limit is exceeded
Hi all,
Our customer has asked to implement concurrent session restrictions to 1. I've checked the documentation provided by Pega (https://docs-previous.pega.com/system-administration/85/specifying-number-concurrent-sessions) and I've some question.
How is Pega behaviour if i try to login with the same user while having another session still active? it displays some error messages? or return a generic message error to the user?
We use SSO standard Authentication (SAML 2.0) in this case what will be Pega behaviour when another session of the same user is authenticated from IdP and forwarded back to Pega?
We have some integrations that user Basic Authentication, the change will affect also the user used for Basic Authentication? (if yes, we will need to use the whitelist DSS to allow concurrent session)
Thank you,
Andrea
Bits In Glass
IN
If you have set the concurrent session limit to 1, and a user tries to log in with the same credentials while another session is still active, Pega will display an error message indicating that the user already has an active session and cannot start a new one.
In case of SSO standard authentication (SAML 2.0), if another session of the same user is authenticated from IdP and forwarded back to Pega, the existing active session for that user will be terminated, and the user will be logged out from the first session. The new session will then be established and the user will be logged in with the latest session.
For the integrations that use Basic Authentication, the change in concurrent session limit will also affect the user used for Basic Authentication. If you need to allow multiple concurrent sessions for a specific user, you can use the "security/session/whitelist" dynamic system setting (DSS) to whitelist that user for concurrent sessions.