[keycloak-user] How to increase session/token timeout for reset action emails?

LIEVRE Olivier olivier.lievre at altran.com
Fri Mar 4 07:16:43 EST 2016 

Hello,

We need exactly the same, so if there a solution it will also help, a workaround could be to increase SSO Session Idle.

@+
oli

-----Message d'origine-----
De : keycloak-user-bounces at lists.jboss.org [mailto:keycloak-user-bounces at lists.jboss.org] De la part de Edgar Vonk - Info.nl
Envoyé : vendredi 4 mars 2016 12:06
À : keycloak-user
Objet : Re: [keycloak-user] How to increase session/token timeout for reset action emails?

Some more info: currently we have the ‘Login action timeout’ set to 2 days (48 hours). In the ‘reset action’ emails that are sent to our user we see:

"Your adminstrator has just requested that you update your Our Realm account. Click on the link below to start this process.

https://gry-test.info.nl/auth/realms/our-realm/login-actions/execute-actions?key=zHyraAkcSzGO6HXXF9uVTrVx4r_b3a8Qk9JqWwF47gI.cf034bbd-2779-4aab-a444-0b86ffc9f948

This link will expire within 2880 minutes.”

So we assumed that these ‘Account Session’ tokens would remain active for 2 days (=2880 minutes). However this does not seem to be the case.. If I am not mistaken these sessions only live 30 minutes, the same as normal user sessions.

Are we doing something wrong or is this is an issue in Keycloak?

PS: instead of 'normal' sessions we would really want to use offline tokens for the reset action emails so that the reset action tokens are persisted in the database and can survive a server restart.

cheers

Edgar


> On 04 Mar 2016, at 10:20, Edgar Vonk - Info.nl <Edgar at info.nl> wrote:
> 
> Hi all,
> 
> We use the ‘Users > Credentials > Reset Actions (Update Password) > Reset Actions Email’ functionality to send out emails to our users so that they can set their password and log in to our application. This seems to result in an ‘Account Session’ for each user. We notice that the timeout for these sessions is too low for our purposes.
> 
> How can we increase it? Is this the ‘SSO Session Max’ setting (default: 10 hours) or something else? We first thought it was the ‘Login action timeout’ but apparently not. We want it to be in the order of several days.
> 
> cheers
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user

More information about the keycloak-user mailing list