Hello,
I agree with you. The specification seems to be as follows.
* By default, operate as the current Offline Access does, namely the "Offline
Session Max" concept is not adopted.
* On the Admin Console, have an "Offline Session Max Limited" ON/OFF switch. If ON,
show an "Offline Session Max" dropdown whose default value is "60 days".
If OFF, it disappears. Default is OFF.
* In the Model, do not use anything to keep the "Offline Session Max Limited" ON/OFF
switch setting. Only use an int to keep the "Offline Session Max" value, whose unit is
"second". -1 indicates "infinity", namely it does not expire by "Offline
Session Max".
One point I would like to discuss is how to accommodate the "Offline Session Max"
setting (and also the "Offline Session Max Limited" ON/OFF switch implicitly).
My proposal is the following.
* On the UI (html, js) and RealmModel, use setter/getter.
* On RealmAdapter and RealmEntity, use attributes.
* On RealmAttributes, define its attribute key such as
String OFFLINE_SESSION_MAX_LIFESPAN = "offlineSessionMaxLifespan";
The reason is to avoid DB migration work.
What do you think about that?
Best regards,
Takashi Norimatsu
Hitachi Ltd.,
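
The model-level rule discussed in this thread (a single int in seconds, -1 for infinity, the switch derived from the value, the value kept as a realm attribute), sketched as an added example that is not part of the original messages or Keycloak's own code. The class, the map standing in for realm attributes, the validation in the setter and counting the limit from session start are assumptions.

```java
import java.util.HashMap;
import java.util.Map;

public class OfflineSessionMaxExample {
    // Attribute key proposed in the message above.
    static final String OFFLINE_SESSION_MAX_LIFESPAN = "offlineSessionMaxLifespan";
    static final int UNLIMITED = -1;                 // -1 = "infinity"
    static final int SIXTY_DAYS = 60 * 24 * 60 * 60; // dropdown default, in seconds

    // Hypothetical stand-in for the realm attribute store (not a Keycloak class).
    private final Map<String, String> attributes = new HashMap<>();

    // Reject anything but -1 or a positive number of seconds at write time,
    // so a typo such as 0 cannot silently mean "expire at once" or "never".
    void setOfflineSessionMaxLifespan(int seconds) {
        if (seconds != UNLIMITED && seconds <= 0) {
            throw new IllegalArgumentException("must be -1 or > 0 seconds");
        }
        attributes.put(OFFLINE_SESSION_MAX_LIFESPAN, Integer.toString(seconds));
    }

    // A realm that never stored the attribute reads as unlimited (current behaviour).
    int getOfflineSessionMaxLifespan() {
        String raw = attributes.get(OFFLINE_SESSION_MAX_LIFESPAN);
        return raw == null ? UNLIMITED : Integer.parseInt(raw);
    }

    // The ON/OFF switch is derived from the value, never stored on its own.
    boolean isOfflineSessionMaxLimited() {
        return getOfflineSessionMaxLifespan() != UNLIMITED;
    }

    // Assumption: the limit is counted from session start; long math avoids overflow.
    boolean isExpired(long startedEpochSec, long nowEpochSec) {
        int max = getOfflineSessionMaxLifespan();
        return max != UNLIMITED && nowEpochSec - startedEpochSec >= max;
    }

    public static void main(String[] args) {
        OfflineSessionMaxExample realm = new OfflineSessionMaxExample();
        long start = 1_528_934_400L;                 // constructed sample timestamp
        long later = start + 61L * 24 * 60 * 60;     // 61 days afterwards
        System.out.println(realm.isOfflineSessionMaxLimited() + " " + realm.isExpired(start, later));
        realm.setOfflineSessionMaxLifespan(SIXTY_DAYS);
        System.out.println(realm.isOfflineSessionMaxLimited() + " " + realm.isExpired(start, later));
    }
}
```
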
-----Original Message-----
From: Marek Posolda <mposolda(a)redhat.com>
Sent: Monday, June 18, 2018 8:29 PM
To: 乗松隆志 / NORIMATSU,TAKASHI <takashi.norimatsu.ws(a)hitachi.com>;
'keycloak-dev(a)lists.jboss.org' <keycloak-dev(a)lists.jboss.org>
Subject: [!]Re: [keycloak-dev] Offline Session Max for Offline Token
Hi,
it makes sense to me to have support for this. However, IMO the default value should still be
"infinity" like it is now.
I am not sure what the best way is to handle this in the admin console considering usability?
Considering that timeouts in the admin console (Tab "Tokens" of "Realm
Settings") don't yet support infinity. And other timeouts besides "Offline
Session Max" should still be kept to not support infinity IMO.
Maybe one way is to have an On/Off switch like "Offline Session Max Limited". It
is off by default and when it is switched to ON, it will show another field "Offline
Session Max" with the timeout? Which can be
60 days by default maybe? At the model level, there would still be a single int value IMO
(e.g. when the value is -1, it means infinity, which means that the "Offline Session Max
Limited" switch will be OFF in the admin console and "Offline Session Max"
hidden. When it is a positive value, the "Offline Session Max Limited" switch will
be ON and the actual value of the timeout "Offline Session Max" will be shown).
Could this work?
Marek
On 14/06/18 08:36, 乗松隆志 / NORIMATSU,TAKASHI wrote:
Hello,
I've found that Keycloak does not support Offline Session Max related to Offline
Token, while it supports SSO Session Max related to Refresh Token.
For authorization of REST API services, a long-life (not infinite, such as 60 days) refresh
token is required; offline access and persistency on the Keycloak side are also expected.
Therefore, Offline Session Max is required for the offline token.
For example, consulting MS Azure, it already supports this concept.
https://docs.microsoft.com/en-US/azure/active-directory/develop/active-directory-token-and-claims#token-revocation
I would like to try to implement this feature.
Best regards,
Takashi Norimatsu
Hitachi Ltd.,
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev