PROMPT (for auto logout)
The PROMPT
element provides a feature that allows a user to resume an
application after an auto logout event.
Syntax
<PROMPT Timeout=seconds Type={"URL"|"DELEGATE"}>url</PROMPT>
- seconds is the number of seconds as the allowed time for a user to re-log in.
- The
Type
attribute has a value of eitherURL
orDELEGATE
. This attribute is mandatory. See Security considerations. - url is either the application URL or the delegation service URL, depending on
the value set by
Type
.
Usage
You use this element to configure a re-log-in prompt, which allows a user to resume activity after an auto logout event is detected. A message is displayed for a set period of time notifying the user that a re-log in is needed to continue. If the user resumes the application during the prompt's timeout period, the application resumes, otherwise the application stops.
Usage example: Type URL
PROMPT
element. The timeout duration is set to
200 seconds, which means that a page is displayed for that period of time notifying the
user that they must log in again to continue.When using PROMPT
of Type
URL, no
security check is done to ensure that the request to resume the application comes from a
valid user. Therefore you must use prompt of type URL only for prototyping purposes.
<AUTO_LOGOUT_COMPONENT Id="cpn.wa.autologout">
<TIMEOUT>20</TIMEOUT>
<PROMPT Timeout="200" Type="URL">http://localhost:6394/prompt.html</PROMPT>
</AUTO_LOGOUT_COMPONENT>
Usage example: Type Delegate
PROMPT
element. The timeout duration is set to
200 seconds, which means that a page is displayed for that period of time notifying the
user that they must log in again to continue. <AUTO_LOGOUT_COMPONENT Id="cpn.wa.autologout">
<TIMEOUT>20</TIMEOUT>
<PROMPT Timeout="200" Type="DELEGATE">services/OpenIDConnectServiceProvider</PROMPT>
</AUTO_LOGOUT_COMPONENT>
Security considerations
When using PROMPT
of Type
URL, no
security check is done to ensure that the request to resume the application comes from a
valid user. Therefore you must use prompt of type URL only for prototyping purposes.
We recommend you use the DELEGATE
mechanism for security reasons because when
the /ua/resume request is forwarded to the delegate service,
additional tokens can be checked to ensure the user has been properly identified
before resuming the application.