[keycloak-user] "You took too long to login" after first login request after SSO session idle occurs (NOT login timeout)

Marek Posolda mposolda at redhat.com
Fri Mar 16 04:43:19 EDT 2018 

On 14/03/18 13:53, Jordan Keith wrote:
> We do refresh the token in our application every few minutes, so it's 
> not really an issue for us.
>
> The reason we are using this setup is because Chrome and other 
> browsers don't delete session cookies if they are set to remember a 
> users opened tabs, so a user's session will remain active until the 
> SSO Session Idle timeout is hit if they close the tab. We don't want 
> their session to remain open for more than the accessTokenLifespan 
> unless they are active.
>
> I have created KEYCLOAK-6839, but don't seem to be able to assign it 
> to anybody. Thanks for your help.
Thanks,

Marek
>
> Thanks,
> Jordan
>
> ------------------------------------------------------------------------
> *From: *"Marek Posolda" <mposolda at redhat.com>
> *To: *"Jordan Keith" <j.keith at xsb.com>, "keycloak-user" 
> <keycloak-user at lists.jboss.org>
> *Sent: *Wednesday, March 14, 2018 1:53:02 AM
> *Subject: *Re: [keycloak-user] "You took too long to login" after 
> first login request after SSO session idle occurs (NOT login timeout)
>
> I think I know what's going on. Could you please create JIRA and 
> assign to me?
>
> BTV. We never tested setup where accessTokenLifespan is bigger than 
> session idle timeout.  It's a bit strange setup as your session will 
> most likely always timeouts before you have a chance to refresh 
> tokens. So user will defacto need to re-login every 15 minutes. But if 
> you are fine with this limitation, then ok :)
>
> Marek
>
> On 13/03/18 22:00, Jordan Keith wrote:
>
>     I am using version 3.4.3.
>
>     Thanks,
>     Jordan
>
>     ------------------------------------------------------------------------
>     *From: *"Marek Posolda" <mposolda at redhat.com>
>     *To: *"Jordan Keith" <j.keith at xsb.com>, "keycloak-user"
>     <keycloak-user at lists.jboss.org>
>     *Sent: *Tuesday, March 13, 2018 4:31:17 PM
>     *Subject: *Re: [keycloak-user] "You took too long to login" after
>     first login request after SSO session idle occurs (NOT login timeout)
>
>     What is Keycloak version used? Could you try with latest 3.4.3?
>
>     Marek
>
>     On 12/03/18 13:22, Jordan Keith wrote:
>     > We have set the SSO Session Idle to 13 minutes to match our
>     access token lifespace of 15 minutes in order to workaround the
>     fact that browsers may not delete session cookies. This has caused
>     another issue, whereby the user receives the error "You took too
>     long to login. Login process starting from beginning" even when
>     they spend no time waiting on the login screen in a certain
>     scenario. Here's the scenario:
>     >
>     > 1). Log into application.
>     > 2). Close browser tab containing application.
>     > 3). Wait 15 minutes (SSO idle + 2 minute grace period)
>     > 4). Open application again. You'll be directed to the login page
>     by keycloak.
>     > 5). Attempt to login and receive the error "You took too long to
>     login. Login process starting from beginning."
>     >
>     > Why do I receive this error even when I attempt to login
>     immediately after opening the log in page?
>     > _______________________________________________
>     > keycloak-user mailing list
>     > keycloak-user at lists.jboss.org
>     > https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>

More information about the keycloak-user mailing list