[keycloak-user] "You took too long to login" after first login request after SSO session idle occurs (NOT login timeout)

Jordan Keith j.keith at xsb.com
Wed Mar 14 08:53:23 EDT 2018


We do refresh the token in our application every few minutes, so it's not really an issue for us. 

The reason we are using this setup is because Chrome and other browsers don't delete session cookies if they are set to remember a users opened tabs, so a user's session will remain active until the SSO Session Idle timeout is hit if they close the tab. We don't want their session to remain open for more than the accessTokenLifespan unless they are active. 

I have created KEYCLOAK-6839, but don't seem to be able to assign it to anybody. Thanks for your help. 

Thanks, 
Jordan 


From: "Marek Posolda" <mposolda at redhat.com> 
To: "Jordan Keith" <j.keith at xsb.com>, "keycloak-user" <keycloak-user at lists.jboss.org> 
Sent: Wednesday, March 14, 2018 1:53:02 AM 
Subject: Re: [keycloak-user] "You took too long to login" after first login request after SSO session idle occurs (NOT login timeout) 

I think I know what's going on. Could you please create JIRA and assign to me? 

BTV. We never tested setup where accessTokenLifespan is bigger than session idle timeout. It's a bit strange setup as your session will most likely always timeouts before you have a chance to refresh tokens. So user will defacto need to re-login every 15 minutes. But if you are fine with this limitation, then ok :) 

Marek 

On 13/03/18 22:00, Jordan Keith wrote: 



I am using version 3.4.3. 

Thanks, 
Jordan 


From: "Marek Posolda" [ mailto:mposolda at redhat.com | <mposolda at redhat.com> ] 
To: "Jordan Keith" [ mailto:j.keith at xsb.com | <j.keith at xsb.com> ] , "keycloak-user" [ mailto:keycloak-user at lists.jboss.org | <keycloak-user at lists.jboss.org> ] 
Sent: Tuesday, March 13, 2018 4:31:17 PM 
Subject: Re: [keycloak-user] "You took too long to login" after first login request after SSO session idle occurs (NOT login timeout) 

What is Keycloak version used? Could you try with latest 3.4.3? 

Marek 

On 12/03/18 13:22, Jordan Keith wrote: 
> We have set the SSO Session Idle to 13 minutes to match our access token lifespace of 15 minutes in order to workaround the fact that browsers may not delete session cookies. This has caused another issue, whereby the user receives the error "You took too long to login. Login process starting from beginning" even when they spend no time waiting on the login screen in a certain scenario. Here's the scenario: 
> 
> 1). Log into application. 
> 2). Close browser tab containing application. 
> 3). Wait 15 minutes (SSO idle + 2 minute grace period) 
> 4). Open application again. You'll be directed to the login page by keycloak. 
> 5). Attempt to login and receive the error "You took too long to login. Login process starting from beginning." 
> 
> Why do I receive this error even when I attempt to login immediately after opening the log in page? 
> _______________________________________________ 
> keycloak-user mailing list 
> [ mailto:keycloak-user at lists.jboss.org | keycloak-user at lists.jboss.org ] 
> [ https://lists.jboss.org/mailman/listinfo/keycloak-user | https://lists.jboss.org/mailman/listinfo/keycloak-user ] 








More information about the keycloak-user mailing list