I successfully integrated mod_auth_openidc with Keycloak:
In addition to the master realm we use our own realm.
I have strange behavior upon the RP initiated logout.
I access RP logout URL it redirects to Keycloak using the logout endpoint
Unfortunately, Keycloak redirect me to the “Session not active” error
string when I press on the logout after couple of minutes of work.
The logout is successfully if I press the logout button after 1 or 2
minutes after the login.
I have tried to debug Keycloak and I have found the following:
TokenManager in the function
org.keycloak.protocol.oidc.TokenManager#verifyIDToken calls to JsonWebToken
and founds that the token is expired
It caused since the expiration of the token is very short (couple of
1) How to configure the token expiration?
I have increased “SSO Session Idle” to 90 minute but it does not change the
token expiration (it remains short)
2) Why logout cannot work after couple of minutes?