Interesting - and what of the SAML Use case? Typically SAML SP's are
going to consume the assertion and then establish a session with the
end user. Seems like a valid use case to notify these consumers so
that there aren't lingering sessions if their expiry happens to be
longer than the IDP.
On Thu, 2016-10-27 at 12:15 +0200, Stian Thorgersen wrote:
No, there is no notification in this case. Only if user or admin
logs out the session.
As access tokens have short expiration the applications would notice
session idle in either case when trying to refresh the token, so I
think it's needed.
On 27 October 2016 at 11:29, Rickard Östergård <rickard.ostergard@gma
> I have a question about user session expiration.
> When the SSO Session Idle or SSO Session Max times are reached the
> server will invalidate the user session. Will the clients that have
> initiated these session be notified? Hence, are the clients logged
> out (via
> the admin url) when the auth server expires a user session?
> If not, is this a feature that will be implemented in coming
> releases ?
> Best regards,
> keycloak-user mailing list
keycloak-user mailing list