Hi Guys,
I sent this request out a while back but have not received any update. Can anyone confirm
if what I've mentioned below is expected behavior?
Thanks
Plunkett
-----Original Message-----
From: keycloak-user-bounces(a)lists.jboss.org [mailto:keycloak-user-bounces@lists.jboss.org]
On Behalf Of Plunkett McGurk
Sent: 01 March 2017 16:48
To: keycloak-user(a)lists.jboss.org
Subject: [keycloak-user] SSO Session Idle and Keycloak-js
Hi Guys,
I have an Angular2 application utilising the Keycloak JavaScript (v2.3.0) adapter. The
application uses the 'login-required' on load option and the session status iframe
is enabled. However, I have noticed a potential problem regarding the function of SSO
Session Idle.
According to the documentation, both the token and session are invalidated when either the
SSO Session Idle time or SSO Session Max values have been reached. If the SSO Session Max
value is reached, the user is automatically redirected to the Login screen (logged out);
however, if the idle time is reached (idle time set to 5 mins, Session max set to 30 mins),
no redirect happens and any subsequent attempt to access Keycloak results in the following
error because of the expired token:

POST http://sso.keycloak-server.com/auth/realms/iot/protocol/openid-connect/token 400 (Bad Request)
{"error":"invalid_grant","error_description":"Refresh token expired"}

So is the lack of redirect to login expected behavior when the SSO Session Idle time has
been exceeded?
Thanks
Plunkett
DISCLAIMER
==========
This e-mail may contain privileged and confidential information which is the property of
Accelerite, a Persistent Systems business. It is intended only for the use of the
individual or entity to which it is addressed. If you are not the intended recipient, you
are not authorized to read, retain, copy, print, distribute or use this message. If you
have received this communication in error, please notify the sender and delete all copies
of this message. Accelerite, a Persistent Systems business does not accept any liability
for virus infected mails.
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
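
One way a client can handle the failed refresh described in the message above, as an added example that is not part of the original thread or Keycloak's own code: it wraps the adapter's `updateToken` and, when the refresh fails, calls `clearToken` and `login` once no matter how many requests are in flight. `makeTokenGuard`, `withFreshToken` and `makeStubAdapter` are hypothetical names, the stub adapter is constructed so the block runs offline, and the `.success`/`.error` callbacks are assumed to match the promise style of the 2.x adapter.

```javascript
// Added example. Only updateToken, clearToken, login and token are adapter
// members; every other name here is hypothetical.

// Returns a function that refreshes the token before each API call. If the
// refresh fails (for example the 400 invalid_grant "Refresh token expired"
// reply after SSO Session Idle), the stale tokens are dropped and the user is
// sent to the login page exactly once.
function makeTokenGuard(kc, minValiditySeconds) {
  let redirecting = false;
  return function withFreshToken() {
    return new Promise(function (resolve, reject) {
      kc.updateToken(minValiditySeconds)
        .success(function () { resolve(kc.token); })
        .error(function () {
          if (!redirecting) {
            redirecting = true;
            kc.clearToken(); // forget the expired tokens held by the adapter
            kc.login();      // redirect to the Keycloak login page
          }
          reject(new Error('session expired, re-authentication started'));
        });
    });
  };
}

// Constructed stand-in for the adapter. refreshSucceeds = false simulates a
// refresh that the server rejects because the session has idled out.
function makeStubAdapter(refreshSucceeds) {
  const calls = { clearToken: 0, login: 0 };
  const kc = {
    token: 'constructed-access-token',
    calls: calls,
    updateToken: function () {
      const p = {
        success: function (fn) { if (refreshSucceeds) fn(true); return p; },
        error: function (fn) { if (!refreshSucceeds) fn(); return p; }
      };
      return p;
    },
    clearToken: function () { calls.clearToken += 1; kc.token = undefined; },
    login: function () { calls.login += 1; }
  };
  return kc;
}
```

Application code would call the returned function before each backend request and attach the resolved token as the bearer credential.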