IDP Sessions in Audit

In version 3.7, a new page was added in the Audit section, containing the IDP sessions created by the users. IDP sessions are the sessions created by the IDP, wrapping one or more Veridium Authentication sessions.

IDP session details

The following image presents an example of the IDP session details page:

Screenshot 2024-09-19 at 13.20.07.png

In the first part, there are a few generic pieces of information about the IDP session (ID, identity details, creation and expiration time, status), the authentication flows used inside this session (Veridium Journey or SPNEGO), and Exploiter Device information.

The second part contains a table with all of the user's authentications with different applications through the current IDP session. Each such authentication is mapped to a Veridium Authentication session, which is visible and accessible from the first column of the table.

There may be cases where several consecutive entries in the table correspond to the same Veridium Authentication session. This means that the Veridium Authentication session was reused when connecting to one or more applications, through the Single Sign-On mechanism. When such a Veridium session expires and can't be reused anymore, the user will have to authenticate again, creating a new Veridium Authentication session connected to the same IDP session. This process can be repeated until the IDP session itself expires.

Revocation

The revocation operation of an IDP session, which can be found on the right side of the page, invalidates the current IDP session. This means that the next time the user comes to the IDP to authenticate with the revoked session, the user will have to authenticate again and a new IDP session will be created. However, this mechanism doesn't act like an immediate logout for the user. The user will be able to continue interacting with the applications as long as the token in use is valid and not expired.

The revocation action updates the status of the IDP session to REVOKED_BY_ADMIN and is present in the audit log.

IDP session raw details

Screenshot 2024-09-19 at 13.46.16.png

This view shows the details of the IDP session in JSON format. Besides the generic information about the IDP session, the JSON contains an "authentications" array with one entry for each of the authentications presented in the details page. Each entry contains a start and expiration time (the time until which it can be reused), and a set of attributes provided by the IDP.
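As an added example (not Veridium's code), the following Python check works on an exported raw view: it groups consecutive authentications by their Veridium Authentication session, as described under IDP session details, and flags entries that do not fit the stated lifetimes. Apart from the "authentications" array, the field names (`veridiumSessionId`, `application`, `startTime`, `expirationTime`) and all sample values are assumptions, not the product's documented schema.

```python
from datetime import datetime
from itertools import groupby

def _auth(sid, app, start, reuse_until):
    # Field names are hypothetical; only "authentications" comes from the page.
    return {"veridiumSessionId": sid, "application": app,
            "startTime": start, "expirationTime": reuse_until}

# Constructed sample of one IDP session (timestamps are made-up UTC values).
SESSION = {
    "id": "idp-0001", "status": "ACTIVE",
    "startTime": "2024-09-19T10:00:00",
    "expirationTime": "2024-09-19T18:00:00",
    "authentications": [
        _auth("va-1", "app-a", "2024-09-19T10:00:05", "2024-09-19T10:30:00"),
        _auth("va-1", "app-b", "2024-09-19T10:12:00", "2024-09-19T10:30:00"),
        _auth("va-2", "app-a", "2024-09-19T11:00:00", "2024-09-19T11:30:00"),
        _auth("va-2", "app-c", "2024-09-19T11:45:00", "2024-09-19T11:30:00"),
    ],
}

def _by_session(session):
    # groupby only merges adjacent entries, matching "consecutive entries".
    key = lambda a: a["veridiumSessionId"]
    return [(sid, list(grp)) for sid, grp in groupby(session["authentications"], key)]

def sso_runs(session):
    """Collapse consecutive entries that share a Veridium session (SSO reuse)."""
    return [(sid, [a["application"] for a in grp]) for sid, grp in _by_session(session)]

def anomalies(session):
    """Flag entries that contradict the lifetimes the raw view reports."""
    ts = datetime.fromisoformat
    idp_start, idp_end = ts(session["startTime"]), ts(session["expirationTime"])
    found = []
    for sid, grp in _by_session(session):
        reuse_until = ts(grp[0]["expirationTime"])  # reuse deadline of this run
        for i, a in enumerate(grp):
            start = ts(a["startTime"])
            if not idp_start <= start < idp_end:
                found.append((sid, a["application"], "outside IDP session lifetime"))
            elif i > 0 and start >= reuse_until:
                found.append((sid, a["application"], "reused after expiration"))
    return found

if __name__ == "__main__":
    print(sso_runs(SESSION))
    print(anomalies(SESSION))
```

A non-empty result from `anomalies` means the exported record disagrees with the lifetimes it reports and is worth reviewing against the audit log.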

IDP session table

Screenshot 2024-09-19 at 12.55.48.png

Lastly, this feature introduced a table with all of these IDP sessions, similar to the existing Authentication Sessions table.

In this table, some generic pieces of information about the IDP session can be found, such as the Identity (UPN or external ID), the start and expiration timestamps, the status (ACTIVE, EXPIRED, REVOKED_BY_ADMIN) and a link to the session’s details page.

The table also provides the possibility of searching, as presented in the following image:

Screenshot 2024-09-19 at 13.55.23.png

All of these search filters are applied to the IDP session's attributes, which were presented in the IDP session raw details section.