[keycloak-user] Login timeout
Juraci Paixão Kröhling
juraci at kroehling.de
Thu Jul 16 11:04:18 EDT 2015
Thanks for your answer. While I understand what happens in the
background, I still have some concerns about the user experience of this
process. More inline.
On 07/16/2015 12:07 AM, Bill Burke wrote:
> Yeah, we are fixing timeouts a little. There are 2 timeouts: Timeout
> of a login action. This happens if you take too long in the login
> process. In this case the login session is still active in memory.
> What we'll do is just redirect the user to the login screen to start
> over and give them this error message. "You took too long to login.
> Please restart login process.".
For this timeout, I don't see a reason why it can't just start a fresh
login session and perform the login with the provided credentials. I'm
with the basic scenario in mind, and I realize that this might not
*always* be possible, but the server should know which scenarios are
possible and which aren't, right? From the user's perspective, I can't
understand why my credentials weren't accepted on the first time, but
accepted on the second time, a couple of seconds later.
> Next one is timeout of the session. When this happens, we have no
> information on how to complete the login. Information like the SAML
> Request or OIDC query parameters. In this case we will be redirecting
> back to the client. Client will choose whether to restart
> authentication over or not.
This seems trickier, but similar to the above: the server knows (based
on the realm) if just starting a new session is enough, no?
> I'm not sure we can fix this. If there is a session timeout, we have no
> information on how to complete the authentication as this information
> has been wiped out. So the only option is to redirect back to the
> client in this situation.
Actually, the user is *not* redirected back to the original application.
Entering the login/password again will just do the right thing: the user
will be logged in, and then redirected back to the original application.
More information about the keycloak-user