[keycloak-user] Problems with expired user action emails
Samuel Otter
samuel.otter at gmail.com
Mon Nov 23 04:59:25 EST 2015
Hi,
No we use the execute-actions-email REST endpoint.
mån 23 nov. 2015 kl 10:17 skrev Stian Thorgersen <sthorger at redhat.com>:
> How are you creating the user action emails? Is it through the admin
> console?
>
> On 19 November 2015 at 11:38, Samuel Otter <samuel.otter at gmail.com> wrote:
>
>> Hi,
>>
>> We have discovered a somewhat strange behavior with the User Action
>> timeouts. We need to have a fairly long User Action timeout but the links
>> provided in the emails to the users expire well before that time. After
>> some digging around in the source code I think this is because both a user
>> and a client session is created for the user action, but when the user
>> session expires and is removed the client session is also removed with it.
>> If we set the User Session SSO timeout to the same value it does indeed
>> seem to work as expected.
>>
>> This seems unintentional and I can't really see why the user session is
>> created at all in this case as it is not really used as far as I can tell
>> (the client session id is used in the email link)? OTOH I am not sure why
>> the client session is removed when the user session expires? Or have we
>> completely misunderstood how this is supposed to work?
>>
>> Anyway, as it is you can't really have a User Action timeout that is
>> longer than the SSO Session timeout.
>>
>> Thanks,
>> Samuel Otter
>>
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20151123/2481085e/attachment.html
More information about the keycloak-user
mailing list