[keycloak-user] SSO Session Idle Timeout for Direct Grants

Schneider, John DODGE CONSULTING SERVICES, LLC John.Schneider at carrier.utc.com
Thu Aug 21 13:44:08 EDT 2014


Hi,

I'm finding that access tokens and refresh tokens are being invalidated after the setting in the "SSO Session Idle Timeout" has elapsed for the direct-grant API.  Considering the direct-grant API enables browser-less application-to-application security, I'm not convinced that this is the right approach for many use cases.  For reliable authorization and access token validation, it basically requires setting the "SSO Session Idle Timeout" to the value of the Access Token timeout, which for many use cases will be measured in hours or even days.

Is there a good reason that "SSO Session Idle Timeout" should even be considered for direct-grants?

Thanks,
John