[keycloak-user] Problems with expired user action emails

Stian Thorgersen sthorger at redhat.com
Mon Nov 23 04:17:23 EST 2015


How are you creating the user action emails? Is it through the admin
console?

On 19 November 2015 at 11:38, Samuel Otter <samuel.otter at gmail.com> wrote:

> Hi,
>
> We have discovered a somewhat strange behavior with the User Action
> timeouts. We need to have a fairly long User Action timeout but the links
> provided in the emails to the users expire well before that time. After
> some digging around in the source code I think this is because both a user
> and a client session is created for the user action, but when the user
> session expires and is removed the client session is also removed with it.
> If we set the User Session SSO timeout to the same value it does indeed
> seem to work as expected.
>
> This seems unintentional and I can't really see why the user session is
> created at all in this case as it is not really used as far as I can tell
> (the client session id is used in the email link)? OTOH I am not sure why
> the client session is removed when the user session expires? Or have we
> completely misunderstood how this is supposed to work?
>
> Anyway, as it is you can't really have a User Action timeout that is
> longer than the SSO Session timeout.
>
> Thanks,
> Samuel Otter
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20151123/a3314cec/attachment.html 


More information about the keycloak-user mailing list