Unlike IAM sign-in, when my SSO session expires there appears to be no way to establish a new session and be returned to the console page I was last browsing.

As background (if it's relevant) I am using Azure AD as an external SAML identity provider.

When the session expires I get the following SessionExpiryPage:

[Screenshot: SessionExpiryPage]

Clicking the first link I am sent to the following page:

[Screenshot: PageNotFound]

Clicking this link I am returned to the user portal, and then after selecting account & permission set I'm sent to the console home (not the page I was last viewing).

AWS support seems to indicate this is normal behaviour but I am scratching my head for a few reasons:

  1. There appears to be no point to having two pages between expiry and the user portal - it introduces a pointless extra mouse click.
  2. The wording of the second page's content is suggestive that something went wrong and that this is not part of a normal or expected workflow (whereas sessions are expected to expire).
  3. The link in the SessionExpiryPage appears to have some encoded info (perhaps page state?) that ultimately gets lost. Why is it there?

Can anyone confirm if they have the same experience? Is there a way to change this?

davegravy
  • Try opening a new page, logging in on that page, and refreshing the timeout page. Ultimately the SSO experience is a collaboration between the provider and the SSO client app, and complexity arises from both parties needing to own separate landing pages. – Dan Monego Dec 26 '20 at 18:42
  • @Dan Monego: I've tried this - opened a number of tabs for different AWS services and waited for session expiry. After expiry there are 3 possible situations: 1) tab has the same content it had before expiry, 2) tab has a modal popup with a blue "reload" button, 3) tab is sitting at the AWS login page (for IAM/root account). Of these situations, after logging in from a separate page as you suggest, situation 3 (the most common) cannot be recovered. 1 and 2 will return to previous page state with reload. – davegravy Dec 27 '20 at 03:37
  • Each AWS service is managed by a separate team, with its own goals to implement the control panel as is most effective for that service. The issues you have are organizational, not technical. – Dan Monego Dec 28 '20 at 16:54
