We have applied the Shared Case via Framework or Common App (Cleanest Architecture). to access the constellation cases (APP B) in traditional applicaiton (APP A)
But - we could seee the repetitive log out and the re-login fail for all the times if we use SSO.
The Non-SSO operators are able to access the application without issues.
Any solutions ?
Please find below an explanation found via a GenAI Tool search against our documentation.
**Please validate against our existing resources **
This is a known architectural limitation when switching between Traditional UI and Constellation applications using SSO.
There is a limitation in the Constellation app-switch URL generation logic that fails to carry forward the current authentication context.
The issue occurs because:
Constellation’s logout mechanism uses a platform logout API that returns an HTML response with a redirect URL
When combined with SSO services that automatically re-authenticate users, this creates a logout/login loop
This is exacerbated with shared cases across application boundaries, as each application switch in Constellation triggers a logout-login sequence to clear the requestor cache
In the current scenario, we’ve proposed a solution to associate a authentication service by default to the application (for ex, SAML). But if the application has other users who also login with OIDC or any other authentication mechanisms then this solution creates another problem i.e., User with OIDC access logs into App A using their login URL and then switches to App B(which by default points to SAML hence the AuthServiceScreenSelector by default redirects to the SAML based IDP screen), while infact this user expects to automatically login with their existing OIDC session. Hence, whatever proposed solution is mentioned above will only work when there is only one SSO authentication service which can be set as default but if there is more than one auth service we will have the mentioned problem.
We raised a documentation enhancement and you can now find information here:
New Troubleshooting topic is here in 25.1: https://docs.pega.com/bundle/platform/page/platform/security/sso-login-switch-from-constellation.html
NOte that the issue was not replicated in the upcoming Pega Infinity release.