[keycloak-user] SSO for multiple applications – Session Timeout sync
abhishek raghav
abhi.raghav007 at gmail.com
Tue May 22 08:03:58 EDT 2018
Hi
I have configured two apps in a single realm: one is protected by
mod_auth_openidc and the other is a SAML type client.
SSO and SLO work as expected, and there is no problem with that.
I have a small doubt regarding a scenario, if anyone could clarify:
- SSO session max is set to 8 hours. If a user is logged in for 8 hours,
after 8 hours the KEYCLOAK_SESSION will be timed out. Is it possible that
the local SAML app cookie can also be invalidated after 8 hours, or can
Keycloak invalidate the local SAML cookie/session the way it happens on
SLO (single logout)?
- Right now, what happens is that if a user leaves his/her laptop overnight
and opens it the next day, the Keycloak cookie is invalidated due to max
session age, but the old app cookie still remains in the browser. Is there
a way to force authentication even if a local SAML cookie is already
present in the browser?
- In other words, if the SSO cookie has timed out due to SSO max, is
there a way that the local app cookies attached to that SSO session for a
user can also be invalidated?
I need to keep these sessions in sync in terms of session timeouts. Based
on my understanding, no IdP really supports this kind of behavior, as the
IdP is not aware of all these 'local sessions'.
I was wondering whether someone can suggest a solution for this.
Alternatively, are there any best practices/recommendations available?
*- Best Regards*
Abhishek Raghav