With SAML 2.0 authentication, an automatic login can occur after the end user has terminated their single sign-on session. This behavior gives the impression that the user was not logged out.

In SAML 2.0, the IdP caches authentication information within the browser. This information allows the IdP to automatically reauthenticate a user without the user re-entering their credentials. So, when a user logs out of a SAML 2.0 system, a browser refresh can automatically log the user back in to the system.

For example, a user has two browser windows (or tabs) open—one with Remedy Mid Tier and the other with BMC Helix Digital Workplace. If the user logs out of both Remedy Mid Tier and BMC Helix Digital Workplace, the single sign-on session is terminated. If the user just closes the window of BMC Remedy Mid Tier, accesses the BMC Helix Digital Workplace window, and refreshes the browser, then the browser performs the action as though the user is still logged in to the system. A new single sign-on session was created automatically for the user (due to the auto-login of the IdP).