I suspect the issue is down to the HTTP sessions ot the Keycloak Proxy
timing out. The default timeout is 30 minutes and we don't currently have a
way of configuring that in the Keycloak Proxy. Can you create a JIRA for it?
On 23 June 2016 at 03:04, Chris Pitman <cpitman(a)redhat.com> wrote:
----- Original Message -----
>
> Quite likely it's the session that is no longer valid, not just the
token.
> If the access token is not valid (this is 5min by default) it will be
> refreshed by the proxy (valid as long as the user session is valid).
>
> Once the user session is no longer valid the user is required to
> re-authenticate to Keycloak which causes the redirect to Google. This
> happens by default after the session has been idle 30 min (no token
> refreshes) or after 10 hours. You can change the timeouts through the
admin
> console.
>
I've tried setting both "SSO Session Idle" and "SSO Session Max"
to 1 Day,
but see this issue where the proxy redirects to keycloak which redirects to
google after about 1 hour. Is there another setting I need to change?