[keycloak-user] Problems with expired user action emails
Samuel Otter
samuel.otter at gmail.com
Thu Nov 19 05:38:13 EST 2015
Hi,
We have discovered a somewhat strange behavior with the User Action
timeouts. We need to have a fairly long User Action timeout but the links
provided in the emails to the users expire well before that time. After
some digging around in the source code I think this is because both a user
and a client session is created for the user action, but when the user
session expires and is removed the client session is also removed with it.
If we set the User Session SSO timeout to the same value it does indeed
seem to work as expected.
This seems unintentional and I can't really see why the user session is
created at all in this case as it is not really used as far as I can tell
(the client session id is used in the email link)? OTOH I am not sure why
the client session is removed when the user session expires? Or have we
completely misunderstood how this is supposed to work?
Anyway, as it is you can't really have a User Action timeout that is longer
than the SSO Session timeout.
Thanks,
Samuel Otter
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20151119/e6537dd9/attachment.html
More information about the keycloak-user
mailing list