[keycloak-user] Strange behavior upon the RP initiated logout
Stian Thorgersen
sthorger at redhat.com
Fri Feb 3 03:44:00 EST 2017
Upgrade to the latest version and this should be fixed
On 1 February 2017 at 11:17, Known Michael <known.michael at gmail.com> wrote:
> Hey,
>
> I successfully integrated mod_auth_openidc with Keycloak:
>
> https://keycloak.gitbooks.io/securing-client-applications-
> guide/content/topics/oidc/mod-auth-openidc.html
>
> In addition to the master realm we use our own realm.
>
> I have strange behavior upon the RP initiated logout.
>
> I access RP logout URL it redirects to Keycloak using the logout endpoint
> (https://<ip>/auth/realms/realm/protocol/openid-connect/logout) as
> described here:
> https://github.com/pingidentity/mod_auth_openidc/
> wiki/Session-Management#logout
>
> Unfortunately, Keycloak redirect me to the “Session not active” error
> string when I press on the logout after couple of minutes of work.
> The logout is successfully if I press the logout button after 1 or 2
> minutes after the login.
>
> I have tried to debug Keycloak and I have found the following:
>
> TokenManager in the function
> org.keycloak.protocol.oidc.TokenManager#verifyIDToken calls to
> JsonWebToken
> and founds that the token is expired
> (org.keycloak.representations.JsonWebToken#isExpired)
>
> It caused since the expiration of the token is very short (couple of
> minutes).
>
> Questions:
>
> 1) How to configure the token expiration?
> I have increased “SSO Session Idle” to 90 minute but it does not change the
> token expiration (it remains short)
> https://keycloak.gitbooks.io/server-adminstration-guide/
> content/topics/sessions/timeouts.html
>
> 2) Why logout cannot work after couple of minutes?
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
More information about the keycloak-user
mailing list