[keycloak-user] [KEYCLOAK-2741] Don't remove KEYCLOAK_REMEMBERME cookie when sso session expires. Add timeout for KEYCLOAK_REMEMBERME cookie - JBoss Issue Tracker

[Valerij Timofeev]

Thank you Stian.

We will try SSO time-out of 3 days to workaround the current limitation of
the "remember me" function.

More optimal solution would be https://issues.jboss.org/browse/KEYCLOAK-1267
Are there any plans to work on it?

2016-08-16 9:45 GMT+02:00 Stian Thorgersen <sthorger at redhat.com>:

> Cookie authenticator doesn't start a new session. It can only authenticate
> the user if the session is still active.
>
> If you want users to remain authenticated for a longer even when inactive
> you should increase the SSO timeout. That's what it's for.
>
> KEYCLOAK-2741 is about remembering the username so the user only has to
> provide the password.
>
> On 22 July 2016 at 11:18, Valerij Timofeev <valerij.timofeev at gmail.com>
> wrote:
>
>> https://issues.jboss.org/browse/KEYCLOAK-2741
>>
>> Hi,
>>
>> are there any concret plans to implement this ticket?
>>
>> The current implementation does not find any positive feedback by our
>> customers. We are even thinking about increasing SSO timeout from 30
>> minutes to a couple of days to compensate at least a little bit the current
>> drawback. Would this break normal operation of the Keycloak servers?
>>
>> Would it be enough to implement this ticket to provide full "remember me"
>> feature? Can cookie authenticator (auth-cookie) start a new SSO session if
>> the initial one is already expired?
>>
>> Kind regards
>> Valerij Timofeev
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160817/a2f4b5ae/attachment-0001.html