|
|
|
|
|
|
|
|
Successful termination of Web Sessions, which results in accurate profile assignments for users, is a combination of:
User Training (iPrism Logouts) and Session Timeouts (for Transparent-Mode), with the possible addition of automated iPrism logouts using a Logout Script.
When a client browser proxies to iprism and basic authentication is used, when the browser is closed, the session is over. Each window/session is independently authenticated. Train users to close the browser, and log-off.
Additionally, iPrism provides an explicit logout capability. The url is "http://iprism-name-or-ip/logout". This logout page allows users to explicitly logout of iPrism. You may put the url in a logout script to ensure users logout of iPrism when they logout of Windows.
In Transparent-Mode with HTTP authentication, authentication credentials are cached for the length of a definable iPrism timeout value:
If Auto-Login is in use, the iPrism Transparent Auto-Login Timeout value applies
If credentials are entered then the HTTP/HTTPS Timeout applies.
It is ok to set both Timeouts.
Users should be trained to explicitly logout. The url is "http://iprism-name-or-ip/logout". The logout page allows users to explicitly logout of iPrism (see screen shot above).
You may put the url in a logout script to ensure users logout of iPrism when they logout of Windows.
You may want to deploy an iPrism logout script using Active Directory GPO, see:
iPrism Logout Script - Transparent Mode Auto Login
The more workstation sharing you have, the shorter the above timeouts should be.
Important: Unlike Proxy-Mode, terminating the browser window or logging in/out of Windows does not impact already cached credentials, so it IS important to select timeout values that align with operations, and train users to explicitly logout. Setting the Timeout values is straightforward, see:
