Aligning Sessions Between Your Application and GoodData

If you embed GoodData elements in your application, you must align login sessions.

When your users log in to your application, they also log in to the GoodData platform via Single Sign-On (SSO; see the Single Sign-On Overview) in the background. If the users are active in the application window, but inactive in the GoodData embedded window, the session expires, and they must refresh their GoodData temporary token (TT).

  • When a user logs in, your application keeps a GoodData session alive all the time when there is an active window with your application with embedded GoodData elements.
  • When a user logs out from your application, they also log out from the GoodData platform.

Keeping a GoodData Session Alive

Use JavaScript events and methods that can help you with the embedded dashboard integration. For more information, see Embedded Dashboard Methods and Embedded Dashboard Events.

To keep your session alive, send the following event from the parent window. Sending the event every minute should be enough.

{
  gdc: {
    name: 'auth.refresh'
  }
}

If you need to listen in your parent window (the window where GoodData elements are embedded), listen to the following event:

{
  gdc: {
    name: 'ui.active',
    type: 'app.ok'
  }
}

When you add these events, your application is aware of the user activity inside the iframe with embedded GoodData elements.

Expiration of a Login Session

Session expiration can be tied to user activity. The domain administrator can set the maximum user inactivity time after which a login session expires.

For example, the domain administrator sets the maximum inactivity time to 15 minutes. If a user does not actively work with GoodData for 15 minutes, their login session expires, and the user must log in again.

Logging a User Out

Log out users from the GoodData platform when they log out from your application.

Steps:

  1. Obtain the profile ID of the currently logged-in user:

    • API resource: https://secure.gooddata.com/gdc/account/profile/current

    • Method: GET

  2. Log the user out:

    • API resource: https://secure.gooddata.com/gdc/account/login/{profile_id}

    • Method: DELETE

If your SAML SSO provider supports the Single Logout feature, you can also use the SAML Single Logout feature to log users out from the GoodData platform when they log out of your application or to terminate a user’s GoodData login session on an as-needed basis (for example, when a user leaves your company and you need to terminate all their login sessions). For more information, see SAML SSO with GoodData.