[keycloak-user] Problems with expired user action emails

[Stian Thorgersen]

Okay, basically same thing ;)

Please create a JIRA issue

On 23 November 2015 at 10:59, Samuel Otter <samuel.otter at gmail.com> wrote:

> Hi,
>
> No we use the execute-actions-email REST endpoint.
>
> mån 23 nov. 2015 kl 10:17 skrev Stian Thorgersen <sthorger at redhat.com>:
>
>> How are you creating the user action emails? Is it through the admin
>> console?
>>
>> On 19 November 2015 at 11:38, Samuel Otter <samuel.otter at gmail.com>
>> wrote:
>>
>>> Hi,
>>>
>>> We have discovered a somewhat strange behavior with the User Action
>>> timeouts. We need to have a fairly long User Action timeout but the links
>>> provided in the emails to the users expire well before that time. After
>>> some digging around in the source code I think this is because both a user
>>> and a client session is created for the user action, but when the user
>>> session expires and is removed the client session is also removed with it.
>>> If we set the User Session SSO timeout to the same value it does indeed
>>> seem to work as expected.
>>>
>>> This seems unintentional and I can't really see why the user session is
>>> created at all in this case as it is not really used as far as I can tell
>>> (the client session id is used in the email link)? OTOH I am not sure why
>>> the client session is removed when the user session expires? Or have we
>>> completely misunderstood how this is supposed to work?
>>>
>>> Anyway, as it is you can't really have a User Action timeout that is
>>> longer than the SSO Session timeout.
>>>
>>> Thanks,
>>> Samuel Otter
>>>
>>>
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20151123/7e4d0982/attachment.html