- Type: Improvement
- Status: Open
- Priority: Critical
- Resolution: Unresolved
- Affects Version/s: 6.5.2, 6.5.2.1, 6.5.2.2, 6.5.2.3, 7.0.0
- Fix Version/s: None
- Component/s: API descriptor, authentication
- Labels: None
- Environment: AM
- Epic Link:

Allow end users to terminate their own existing sessions without knowing the session, relying on elevated credentials, or retrieving any existing session handle.
The problem described is similar to OPENAM-13297 but without having to use elevated credentials. This is to allow the user to kill an existing session in order to create a new one when a session quota limit has been enforced.
It is a problem for some customers to design solutions that retrieve elevated credentials, as this may trigger security concerns and validation processes.
The use case this is trying to address: when a user logs in and exceeds the session quota, they are presented with a pop-up window asking whether it is OK to terminate an existing session so that they can carry on with a new session.