On 25 January 2016 at 09:54, Marek Posolda <mposolda(a)redhat.com> wrote:
Not sure about that. IMO seconds are good to have for more fine-grained
timeout values. For example, in some deployment the "Access token timeout"
value of 1 minute might be too short, but 2 minutes too long, so they
prefer to use 90 seconds as a compromise.
I disagree, I really don't see anyone needing to set timeouts in second
granularity.
Also seconds are good for development. For example, I am sometimes using
seconds for testing (i.e. setting the timeout to 10 seconds to quickly enforce
refresh, etc.)
Skipping seconds to address KEYCLOAK-1341 looks to me like a workaround rather
than a real solution. The question is whether we should address KEYCLOAK-1341 at
all. There are probably many ways an admin can break the login
to the admin console itself or break Keycloak entirely. A few examples which
come to my mind (there are likely many more):
- Delete or disable security-admin-console client
We're going to prevent users from deleting internal clients and roles, so
that won't be a problem anymore
- delete or disable himself
Can be recovered by adding a new user using the add-user script
- remove roles from himself
Same as above
- remove scopes from security-admin-console client
We haven't covered that one
- configure the authentication flow in some way that it's not possible to login
anymore
Not covered either
- Timeouts
I don't think that we should try to prevent all of these situations. I
didn't see any real support questions related to this. And for example in
Linux, if you do "rm -rf /home" the system is broken as well. Isn't this
kind of similar? IMO admins should do a backup of the database, so they can
revert if they accidentally misconfigure things.
What you are saying makes no sense whatsoever. It's like saying validation
in user interfaces is a waste of time.
Validation in user interfaces is there to help people, and to prevent
people doing things that will screw things up. This is a really good
example of where lack of validation on inputs allows users to set stupid
values. 1 second timeouts never make any sense, so why should we let users
set them. It could also be a mistake, as someone wanted to set 1 minute but
selected seconds by mistake.
Arguing against preventing people from screwing things up for themselves by
coming up with another example where they can screw things up is just not good
argumentation. We should do as much as we can, and in this case it's a very
simple fix that could prevent a rather annoying issue.
Marek
On 21/01/16 20:45, Stian Thorgersen wrote:
Do we need to have seconds at all for token timeouts? Removing seconds
from token timeouts would make it simpler, but also make sure no one sets timeouts
that are too short (see
https://issues.jboss.org/browse/KEYCLOAK-1341)
_______________________________________________
keycloak-dev mailing list
keycloak-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
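Added example, not code from the thread or from Keycloak itself: a small input validator that keeps second granularity (so a 90-second lifespan stays allowed, as Marek wants) while rejecting lifespans below a floor, the kind of check Stian argues for to catch the "selected seconds instead of minutes" mistake. The accepted unit suffixes and the 30-second minimum are assumptions, not Keycloak settings.

```python
import re

# Assumption (not from the thread): lifespans are stored in seconds, and the
# UI accepts an optional unit suffix so admins can still type "90s" or "2m".
# The floor is an illustrative policy choice, not a Keycloak default.
MIN_TOKEN_LIFESPAN_SECONDS = 30

_DURATION = re.compile(r"^\s*(\d+)\s*([smhd]?)\s*$")
_UNIT_SECONDS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400}


def parse_duration(text):
    """Convert '90s', '2m', '1h' or a bare number of seconds to seconds.

    Returns None for anything that is not a non-negative integer with an
    optional unit suffix (rejects '', 'abc', '-5', '1.5m').
    """
    match = _DURATION.match(text)
    if not match:
        return None
    value, unit = match.groups()
    return int(value) * _UNIT_SECONDS[unit]


def validate_token_lifespan(text, minimum=MIN_TOKEN_LIFESPAN_SECONDS):
    """Return (seconds, error); error is None when the value is acceptable.

    Seconds remain a valid unit, but a lifespan below the floor is rejected
    instead of being saved, which is what lets a 1-second access token
    lock admins out of the console in the first place.
    """
    seconds = parse_duration(text)
    if seconds is None:
        return None, "lifespan must be an integer with optional unit s/m/h/d"
    if seconds < minimum:
        return seconds, (
            f"lifespan {seconds}s is below the minimum of {minimum}s; "
            f"did you mean {seconds}m?"
        )
    return seconds, None


if __name__ == "__main__":
    # Constructed sample inputs: one fine-grained value, one unit mistake.
    for sample in ("90s", "2m", "1s", "1", "abc"):
        print(sample, "->", validate_token_lifespan(sample))
```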