[keycloak-dev] Automatic sign out from admin console
Marek Posolda
mposolda at redhat.com
Wed Oct 15 04:22:56 EDT 2014
Sorry to restore the discussion about admin console timeouts, but the
situation is still not ideal though...
Consider this scenario:
- I have ssoSessionIdleTimeout set to 5 minutes
- Now I log in to the admin console and I want to create a new federation provider
- I am disturbed for 5 minutes
- Now I want to go back to the admin console and finish creating my
federation provider. After filling in all the values, I click the "Add" button.
But the session is idle, so I am signed out and all the values I filled in the
admin console are lost.
I wonder if we can still improve things a bit to avoid this? Maybe
restore the idleTimeout plugin, but instead of having a hardcoded timeout
value, it will periodically ask Keycloak (say, at 1-minute intervals)
to send the remaining timeout value? Also it would need to display the
topbar warning with "you will be logged out in N seconds" in case
there are 2 minutes remaining, so it's visible in the KC admin console for
at least 1 minute.
It's still not super-ideal and won't handle all scenarios though (for
example, if the user leaves the browser for these 5 minutes and then comes
back, he will just be signed out). So I am not sure if it is worth the
effort to add that?
Note that this may not be an issue just for the KC admin console, but for
other JS apps secured by Keycloak too (see the LiveOak admin console
https://issues.jboss.org/browse/LIVEOAK-475 )
Marek
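
The polling scheme proposed in the message above, sketched as an added example (not part of the original post and not Keycloak code). It checks that polling every minute with a 2-minute warning threshold keeps the banner visible for at least 1 minute before expiry. `fetchRemainingSeconds` and `render` are hypothetical callbacks; the example assumes the server can report the remaining idle time without that request itself resetting the idle timer.

```javascript
// Added example, not Keycloak code. Values come from the post's proposal.
const POLL_INTERVAL_S = 60;    // ask the server once a minute
const WARN_THRESHOLD_S = 120;  // show the banner when <= 2 minutes remain

// Map the server-reported remaining idle time to a UI state.
function evaluate(remainingS) {
  if (typeof remainingS !== 'number' || Number.isNaN(remainingS)) {
    return { state: 'unknown' };   // bad reply: keep current UI, retry next poll
  }
  if (remainingS <= 0) return { state: 'expired' };
  if (remainingS <= WARN_THRESHOLD_S) {
    return { state: 'warn',
             message: `You will be logged out in ${Math.ceil(remainingS)} seconds` };
  }
  return { state: 'ok' };
}

// Seconds the banner is on screen before expiry, for a session with the given
// idle timeout whose first poll happens firstPollOffsetS after the last activity.
function warningVisibleFor(idleTimeoutS, firstPollOffsetS) {
  for (let t = firstPollOffsetS; t < idleTimeoutS; t += POLL_INTERVAL_S) {
    if (evaluate(idleTimeoutS - t).state === 'warn') return idleTimeoutS - t;
  }
  return 0; // no poll landed inside the warning window
}

// Worst case over every whole-second poll phase.
function worstCaseVisibility(idleTimeoutS) {
  let worst = Infinity;
  for (let off = 0; off < POLL_INTERVAL_S; off++) {
    worst = Math.min(worst, warningVisibleFor(idleTimeoutS, off));
  }
  return worst;
}

// Browser wiring. fetchRemainingSeconds is a hypothetical async callback; it
// must not count as user activity on the server, or the session never idles.
function startMonitor(fetchRemainingSeconds, render) {
  const poll = async () => {
    try { render(evaluate(await fetchRemainingSeconds())); }
    catch (e) { render({ state: 'unknown' }); }
  };
  poll();
  return setInterval(poll, POLL_INTERVAL_S * 1000);
}
```

With the 5-minute ssoSessionIdleTimeout from the scenario, the worst poll phase still leaves the banner up for 61 seconds.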