On 14/03/18 13:53, Jordan Keith wrote:
We do refresh the token in our application every few minutes, so
it's
not really an issue for us.
The reason we are using this setup is because Chrome and other
browsers don't delete session cookies if they are set to remember a
users opened tabs, so a user's session will remain active until the
SSO Session Idle timeout is hit if they close the tab. We don't want
their session to remain open for more than the accessTokenLifespan
unless they are active.
I have created KEYCLOAK-6839, but don't seem to be able to assign it
to anybody. Thanks for your help.
Thanks,
Marek
Thanks,
Jordan
------------------------------------------------------------------------
*From: *"Marek Posolda" <mposolda(a)redhat.com>
*To: *"Jordan Keith" <j.keith(a)xsb.com>, "keycloak-user"
<keycloak-user(a)lists.jboss.org>
*Sent: *Wednesday, March 14, 2018 1:53:02 AM
*Subject: *Re: [keycloak-user] "You took too long to login" after
first login request after SSO session idle occurs (NOT login timeout)
I think I know what's going on. Could you please create JIRA and
assign to me?
BTV. We never tested setup where accessTokenLifespan is bigger than
session idle timeout. It's a bit strange setup as your session will
most likely always timeouts before you have a chance to refresh
tokens. So user will defacto need to re-login every 15 minutes. But if
you are fine with this limitation, then ok :)
Marek
On 13/03/18 22:00, Jordan Keith wrote:
I am using version 3.4.3.
Thanks,
Jordan
------------------------------------------------------------------------
*From: *"Marek Posolda" <mposolda(a)redhat.com>
*To: *"Jordan Keith" <j.keith(a)xsb.com>, "keycloak-user"
<keycloak-user(a)lists.jboss.org>
*Sent: *Tuesday, March 13, 2018 4:31:17 PM
*Subject: *Re: [keycloak-user] "You took too long to login" after
first login request after SSO session idle occurs (NOT login timeout)
What is Keycloak version used? Could you try with latest 3.4.3?
Marek
On 12/03/18 13:22, Jordan Keith wrote:
> We have set the SSO Session Idle to 13 minutes to match our
access token lifespace of 15 minutes in order to workaround the
fact that browsers may not delete session cookies. This has caused
another issue, whereby the user receives the error "You took too
long to login. Login process starting from beginning" even when
they spend no time waiting on the login screen in a certain
scenario. Here's the scenario:
>
> 1). Log into application.
> 2). Close browser tab containing application.
> 3). Wait 15 minutes (SSO idle + 2 minute grace period)
> 4). Open application again. You'll be directed to the login page
by keycloak.
> 5). Attempt to login and receive the error "You took too long to
login. Login process starting from beginning."
>
> Why do I receive this error even when I attempt to login
immediately after opening the log in page?
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
>
https://lists.jboss.org/mailman/listinfo/keycloak-user