[keycloak-user] SSO Session Idle and Keycloak-js

Plunkett McGurk plunkett_mcgurk at accelerite.com
Wed Mar 1 11:47:40 EST 2017


Hi Guys,

I have an Angular2 application utilising the Keycloak JavaScript (v2.3.0) adapter. The application uses the 'login-required' on load option and the session status iframe is enabled. However, I have noticed a potential problem regarding the function of SSO Session Idle.

According to the documentation, both the token and session are invalidated when either the SSO Session Idle time or SSO Session Max values have been reached. If the SSO Session Max value is reached, the user is automatically redirected to the Login screen; however, if the idle time is reached (idle time set to 5 mins, Session Max set to 30 mins), no redirect happens and any subsequent attempt to access Keycloak results in the following error because of the expired token:

POST http://sso.keycloak-server.com/auth/realms/iot/protocol/openid-connect/token 400 (Bad Request)
{"error":"invalid_grant","error_description":"Refresh token expired"}

So is the lack of redirect to login expected behavior when the SSO Session Idle time has been exceeded?

Thanks
Plunkett
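
Added example, not part of the original post and not Keycloak or keycloak-js code: one way a browser client can treat the refresh failure quoted above as a signal to re-authenticate instead of continuing with a dead session. The `adapter` object, its stub, and the function names are assumptions for illustration; `clearToken()` and `login()` mirror method names in keycloak-js.

```javascript
// Added example: decide what a browser client should do when a token
// refresh fails. The adapter interface used here is an assumption.

// Map a token-endpoint response (status + raw body) to an action.
function classifyRefreshResponse(status, bodyText) {
  if (status >= 200 && status < 300) return 'ok';
  let body = null;
  try {
    body = JSON.parse(bodyText);
  } catch (e) {
    // Non-JSON error body (for example a proxy error page): fall through.
  }
  // RFC 6749 section 5.2: invalid_grant covers an expired or revoked
  // refresh token, so the only recovery is a fresh login.
  if (status === 400 && body && body.error === 'invalid_grant') {
    return 'reauthenticate';
  }
  if (status >= 500) return 'retry'; // server-side fault, session may still be valid
  return 'fail';
}

// Apply the action. `adapter` is an assumed object exposing clearToken()
// and login(); stale tokens are dropped before redirecting to login.
function handleRefreshResponse(adapter, status, bodyText) {
  const action = classifyRefreshResponse(status, bodyText);
  if (action === 'reauthenticate') {
    adapter.clearToken();
    adapter.login();
  }
  return action;
}

// Constructed stub that records which adapter methods were called.
function makeStubAdapter() {
  const calls = [];
  return {
    calls,
    clearToken: () => calls.push('clearToken'),
    login: () => calls.push('login'),
  };
}

// Error body taken from the post above; the 503 case is constructed.
const sampleBody = '{"error":"invalid_grant","error_description":"Refresh token expired"}';
const demo = makeStubAdapter();
console.log(handleRefreshResponse(demo, 400, sampleBody), demo.calls);
console.log(handleRefreshResponse(makeStubAdapter(), 503, '<html>Bad gateway</html>'));
```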


