Prevent concurrent user sessions

[Matt Card]

We would like to prevent a user from being able to authenticate into PWM (2.0.8) with concurrent sessions.   So, if they have an active PWM session, they cannot sign into it the app again at the same time.  I have reviewed the Configuration Editor options available and the previous Group conversations on this, and don't see settings for this.

Are there PWM settings to enforce this or has anyone come up with a solution for this?

Thanks!

[Jason Rivard]

There is not functionality for this.  Since PWM uses distributed session management, it's not possible with current architecture.  It would require some type of centralized session management system.

Can I ask why you want this?  Maybe there is another way to solve the underlying problem you are facing.

[Matt Card]

Thanks for the quick response and explanation, Jason.  We are looking at it in regard to the NIST 800-53 AC-10 control (concurrent session control), so from a security standpoint.