PROMPT (for auto logout)
The PROMPT
element provides a feature that allows a user to resume an
application after an auto logout event.
Syntax
<PROMPT Timeout=seconds Type={"URL"|"DELEGATE"}>url</PROMPT>
- seconds is the number of seconds as the allowed time for a user to re-log in.
- The
Type
attribute has a value of eitherURL
orDELEGATE
. This attribute is mandatory. See Security considerations. - url is either the application URL or the delegation service URL, depending on
the value set by
Type
.
Usage
You use this element to configure a re-log-in prompt, which allows a user to resume activity after an auto logout event is detected. A message is displayed for a set period of time notifying the user that a re-log in is needed to continue. If the user resumes the application during the prompt's timeout period, the application resumes, otherwise the application stops.
Usage example: Type URL
<AUTO_LOGOUT_COMPONENT Id="cpn.wa.autologout">
<TIMEOUT>0</TIMEOUT>
<PROMPT Timeout="200" Type="URL">http://localhost:6394/prompt.html</PROMPT>
</AUTO_LOGOUT_COMPONENT>
Usage example: Type Delegate
<AUTO_LOGOUT_COMPONENT Id="cpn.wa.autologout">
<TIMEOUT>0</TIMEOUT>
<PROMPT Timeout="200" Type="DELEGATE">services/OpenIDConnectServiceProvider</PROMPT>
</AUTO_LOGOUT_COMPONENT>
Security considerations
When using PROMPT
of Type
URL, no security check is done to
ensure that the request to resume the application comes from a valid user. Therefore you must use
prompt of type URL only for prototyping purposes.
We recommend you use the DELEGATE
mechanism for security reasons, because when
the /ua/resume request is forwarded to the delegate service, you can check
additional tokens to ensure the user has been properly identified before resuming the
application.