<div dir="ltr">I suspect the issue is down to the HTTP sessions ot the Keycloak Proxy timing out. The default timeout is 30 minutes and we don't currently have a way of configuring that in the Keycloak Proxy. Can you create a JIRA for it?</div><div class="gmail_extra"><br><div class="gmail_quote">On 23 June 2016 at 03:04, Chris Pitman <span dir="ltr"><<a href="mailto:cpitman@redhat.com" target="_blank">cpitman@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class=""><br>
<br>
----- Original Message -----<br>
<br>
><br>
> Quite likely it's the session that is no longer valid, not just the token.<br>
> If the access token is not valid (this is 5min by default) it will be<br>
> refreshed by the proxy (valid as long as the user session is valid).<br>
><br>
> Once the user session is no longer valid the user is required to<br>
> re-authenticate to Keycloak which causes the redirect to Google. This<br>
> happens by default after the session has been idle 30 min (no token<br>
> refreshes) or after 10 hours. You can change the timeouts through the admin<br>
> console.<br>
><br>
<br>
</span>I've tried setting both "SSO Session Idle" and "SSO Session Max" to 1 Day, but see this issue where the proxy redirects to keycloak which redirects to google after about 1 hour. Is there another setting I need to change?<br>
</blockquote></div><br></div>