[keycloak-user] Problems with expired user action emails

Samuel Otter samuel.otter at gmail.com
Tue Nov 24 07:50:55 EST 2015 

Thanks, Issue created: https://issues.jboss.org/browse/KEYCLOAK-2125

mån 23 nov. 2015 kl 11:02 skrev Stian Thorgersen <sthorger at redhat.com>:

> Okay, basically same thing ;)
>
> Please create a JIRA issue
>
> On 23 November 2015 at 10:59, Samuel Otter <samuel.otter at gmail.com> wrote:
>
>> Hi,
>>
>> No we use the execute-actions-email REST endpoint.
>>
>> mån 23 nov. 2015 kl 10:17 skrev Stian Thorgersen <sthorger at redhat.com>:
>>
>>> How are you creating the user action emails? Is it through the admin
>>> console?
>>>
>>> On 19 November 2015 at 11:38, Samuel Otter <samuel.otter at gmail.com>
>>> wrote:
>>>
>>>> Hi,
>>>>
>>>> We have discovered a somewhat strange behavior with the User Action
>>>> timeouts. We need to have a fairly long User Action timeout but the links
>>>> provided in the emails to the users expire well before that time. After
>>>> some digging around in the source code I think this is because both a user
>>>> and a client session is created for the user action, but when the user
>>>> session expires and is removed the client session is also removed with it.
>>>> If we set the User Session SSO timeout to the same value it does indeed
>>>> seem to work as expected.
>>>>
>>>> This seems unintentional and I can't really see why the user session is
>>>> created at all in this case as it is not really used as far as I can tell
>>>> (the client session id is used in the email link)? OTOH I am not sure why
>>>> the client session is removed when the user session expires? Or have we
>>>> completely misunderstood how this is supposed to work?
>>>>
>>>> Anyway, as it is you can't really have a User Action timeout that is
>>>> longer than the SSO Session timeout.
>>>>
>>>> Thanks,
>>>> Samuel Otter
>>>>
>>>>
>>>> _______________________________________________
>>>> keycloak-user mailing list
>>>> keycloak-user at lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>
>>>
>>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20151124/5b0115d7/attachment.html

More information about the keycloak-user mailing list