[keycloak-user] Logged out of admin console after a short period of time
Stian Thorgersen
stian at redhat.com
Thu Sep 11 03:58:40 EDT 2014
I've tried to replicate this without luck.
The default timeouts are:
* SSO Session Idle Timeout: 5 min
* SSO Session Max Lifespan: 10 hours
* Access Token Lifespan: 1 min
Are these the numbers you are using? With these numbers the access token expires after 1 min. When the access token has expired it will try to retrieve a new token using the refresh token. If there are no requests to refresh the token for that session within 5 min the session will expire. Basically there's the minimum time you can get logged out after is 4 min (SSO Session Idle Timeout - Access Token Lifespan).
----- Original Message -----
> From: "Joshua Bellamy-Henn" <josh at psidox.com>
> To: keycloak-user at lists.jboss.org
> Sent: Thursday, 11 September, 2014 7:22:44 AM
> Subject: [keycloak-user] Logged out of admin console after a short period of time
>
> Version: 1.0-final
> Setup: Keycloak behind a reverse proxy
>
> Currently after logging in to the Admin Console it seems that after 1-2
> minute I am getting booted back to the login page. I am using default
> timeout settings so it's odd that I am getting kicked out before the 10
> minute session timeout.
>
> Checking the logs after this occurs, I am seeing the following warn:
>
>
>
> 2014-09-11 05:20:05,025 WARN [org.jboss.resteasy.core.ExceptionHandler]
> (default task-123) Failed executing GET
> /admin/realms/abc/applications/website/session-count:
> org.jboss.resteasy.spi.UnauthorizedException: Bearer
>
> at
> org.keycloak.services.resources.admin.AdminRoot.authenticateRealmAdminRequest(AdminRoot.java:153)
> [keycloak-services-1.0-final.jar:]
>
> at
> org.keycloak.services.resources.admin.AdminRoot.getRealmsAdmin(AdminRoot.java:184)
> [keycloak-services-1.0-final.jar:]
>
> at sun.reflect.GeneratedMethodAccessor24.invoke(Unknown Source) [:1.7.0_60]
>
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> [rt.jar:1.7.0_60]
>
> at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_60]
>
> at
> org.jboss.resteasy.core.ResourceLocatorInvoker.createResource(ResourceLocatorInvoker.java:81)
> [resteasy-jaxrs-3.0.8.Final.jar:]
>
> at
> org.jboss.resteasy.core.ResourceLocatorInvoker.createResource(ResourceLocatorInvoker.java:60)
> [resteasy-jaxrs-3.0.8.Final.jar:]
>
> at
> org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:102)
> [resteasy-jaxrs-3.0.8.Final.jar:]
>
> at
> org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:356)
> [resteasy-jaxrs-3.0.8.Final.jar:]
>
> at
> org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)
> [resteasy-jaxrs-3.0.8.Final.jar:]
>
> at
> org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)
> [resteasy-jaxrs-3.0.8.Final.jar:]
>
> at
> org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
> [resteasy-jaxrs-3.0.8.Final.jar:]
>
> at
> org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
> [resteasy-jaxrs-3.0.8.Final.jar:]
>
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
> [jboss-servlet-api_3.1_spec-1.0.0.Final.jar:1.0.0.Final]
>
> at
> io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
> [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
>
> at
> io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:130)
> [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
>
> at
> org.keycloak.services.filters.ClientConnectionFilter.doFilter(ClientConnectionFilter.java:41)
> [keycloak-services-1.0-final.jar:]
>
> at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
> [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
>
> at
> io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132)
> [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
>
> at
> org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:40)
> [keycloak-services-1.0-final.jar:]
>
> at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
> [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
>
> at
> io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132)
> [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
>
> at
> io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:85)
> [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
>
> at
> io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:61)
> [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
>
> at
> io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
> [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
>
> at
> org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
>
> at
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25)
> [undertow-core-1.0.15.Final.jar:1.0.15.Final]
>
> at
> io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:113)
> [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
>
> at
> io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:56)
> [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
>
> at
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25)
> [undertow-core-1.0.15.Final.jar:1.0.15.Final]
>
> at
> io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:45)
> [undertow-core-1.0.15.Final.jar:1.0.15.Final]
>
> at
> io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:61)
> [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
>
> at
> io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58)
> [undertow-core-1.0.15.Final.jar:1.0.15.Final]
>
> at
> io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:70)
> [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
>
> at
> io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76)
> [undertow-core-1.0.15.Final.jar:1.0.15.Final]
>
> at
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25)
> [undertow-core-1.0.15.Final.jar:1.0.15.Final]
>
> at
> org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
>
> at
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25)
> [undertow-core-1.0.15.Final.jar:1.0.15.Final]
>
> at
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25)
> [undertow-core-1.0.15.Final.jar:1.0.15.Final]
>
> at
> io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:240)
> [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
>
> at
> io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:227)
> [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
>
> at
> io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:73)
> [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
>
> at
> io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:146)
> [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
>
> at io.undertow.server.Connectors.executeRootHandler(Connectors.java:177)
> [undertow-core-1.0.15.Final.jar:1.0.15.Final]
>
> at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:727)
> [undertow-core-1.0.15.Final.jar:1.0.15.Final]
>
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
> [rt.jar:1.7.0_60]
>
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
> [rt.jar:1.7.0_60]
>
> at java.lang.Thread.run(Thread.java:745) [rt.jar:1.7.0_60]
>
>
>
>
> Any ideas what's going wrong?
>
> Thanks,
>
> Josh
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
More information about the keycloak-user
mailing list