The idle timeout is refreshed whenever a token refresh is executed (or
whenever a successful SAML or OIDC login request happens). The max
timeout of the session is static though and never changing.
On 12/1/16 10:08 AM, Chris Savory wrote:
Bill,
When a token refresh is performed or a new token is generated via a ‘check-sso’ is the
SSO Session extended? If not, how can we extend the SSO Session from an Angular client
using the JS adapter?
--
Christopher Savory
Software Engineer | EdLogics
www.edlogics.com <
http://www.edlogics.com/>
<
http://www.edlogics.com/>
<
https://www.linkedin.com/company/edlogics> <
https://twitter.com/EdLogics>
On 11/29/16, 7:12 PM, "keycloak-user-bounces(a)lists.jboss.org on behalf of Bill
Burke" <keycloak-user-bounces(a)lists.jboss.org on behalf of bburke(a)redhat.com>
wrote:
There is an idle timeout and a max session lifespan and an access token
timeout. I don't think we check the max session lifespan when
generating a token, so an access token might be active for access token
timeout + max session lifespan.
On 11/29/16 6:36 PM, Chris Stephens wrote:
> We have an angular app and are using the keycloak js adapter. We refresh the
token if it expires within 5 seconds. We also refresh the token every 15 minutes. Our
users can jump in and out of our angular app. When they come back in the initialization
logic goes to the key cloak server to make sure they are logged in. What our QA team is
telling us is after 2-3 hours of clicking on the site the user is no longer logged in, but
some of the calls with bearer tokens still go through. We need to know if refreshing the
token or doing the 'check-sso' extends the session.
>
>
> Christopher Stephens
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
>
https://lists.jboss.org/mailman/listinfo/keycloak-user
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user