How are you creating the user action emails? Is it through the admin
console?
On 19 November 2015 at 11:38, Samuel Otter <samuel.otter(a)gmail.com> wrote:
Hi,
We have discovered a somewhat strange behavior with the User Action
timeouts. We need to have a fairly long User Action timeout but the links
provided in the emails to the users expire well before that time. After
some digging around in the source code I think this is because both a user
and a client session is created for the user action, but when the user
session expires and is removed the client session is also removed with it.
If we set the User Session SSO timeout to the same value it does indeed
seem to work as expected.
This seems unintentional and I can't really see why the user session is
created at all in this case as it is not really used as far as I can tell
(the client session id is used in the email link)? OTOH I am not sure why
the client session is removed when the user session expires? Or have we
completely misunderstood how this is supposed to work?
Anyway, as it is you can't really have a User Action timeout that is
longer than the SSO Session timeout.
Thanks,
Samuel Otter
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user