[keycloak-user] How to handle timeout for external IDP providers
Bruce Wings
testoauth55 at gmail.com
Mon Jun 3 05:50:15 EDT 2019
I have configured an external SAML IDP (Okta) with Keycloak. Now one of my
apps (unchangeable) is directly connected to the same SAML provider and needs a SAML
token when its API is called from my app. Since Keycloak provides a way to
retrieve the SAML token through the API:
/auth/realms/myRealm/broker/ping/token
I have obtained this SAML token and used it for my API. But there is 1 problem.
Suppose the expiry time of the SAML token is 1 hour, and the Keycloak refresh token
expiry is 2 hours. My Keycloak OIDC token will remain valid till 2 hours, and the
following URL: /auth/realms/myRealm/broker/ping/token will keep giving an
expired SAML token (from 1 hour to 2 hours).
What is the best way to go around this issue?
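Added example, not part of the original post and not Keycloak or Okta code: a client-side check of the `Conditions` validity window of a stored SAML assertion, so an assertion that expired while the Keycloak session is still live is detected before it is forwarded. It assumes the assertion XML has already been extracted as text from the broker token response; the sample assertion, the function names and the 60-second skew are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample (not a real Okta assertion): valid for about 1 hour,
# signature and subject elements omitted for brevity.
SAMPLE_ASSERTION = """<saml:Assertion
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed" Version="2.0" IssueInstant="2019-06-03T09:00:00Z">
  <saml:Issuer>https://idp.example.test</saml:Issuer>
  <saml:Conditions NotBefore="2019-06-03T08:55:00Z"
                   NotOnOrAfter="2019-06-03T10:00:00Z"/>
</saml:Assertion>"""


def parse_saml_time(value):
    """Parse a UTC xs:dateTime such as 2019-06-03T10:00:00Z (optional fraction)."""
    value = value.rstrip("Z")
    fmt = "%Y-%m-%dT%H:%M:%S.%f" if "." in value else "%Y-%m-%dT%H:%M:%S"
    return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)


def assertion_state(xml_text, now, skew=timedelta(seconds=60)):
    """Return 'valid', 'expired', 'not-yet-valid' or 'no-conditions'.

    Only the time window is checked; signature and audience validation are
    out of scope. For XML from an untrusted source, parse with a hardened
    parser (for example defusedxml) instead of the standard library.
    """
    root = ET.fromstring(xml_text)
    # Works whether the root is the Assertion itself or a wrapping Response.
    cond = root.find(".//saml:Conditions", SAML_NS)
    if cond is None:
        return "no-conditions"  # caller should fail closed
    not_before = cond.get("NotBefore")
    not_on_or_after = cond.get("NotOnOrAfter")
    if not_before and now + skew < parse_saml_time(not_before):
        return "not-yet-valid"
    if not_on_or_after and now - skew >= parse_saml_time(not_on_or_after):
        return "expired"
    return "valid"


if __name__ == "__main__":
    # 1.5 hours after issue: inside a 2-hour Keycloak session, past SAML expiry.
    at = datetime(2019, 6, 3, 10, 30, tzinfo=timezone.utc)
    print(assertion_state(SAMPLE_ASSERTION, at))
```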