[keycloak-user] Wildfly Client Adapter Session Expiration

Ryan Slominski ryans at jlab.org
Wed May 22 13:11:12 EDT 2019


Is there any documentation on how session expiration works with respect to the Wildfly client adapter.  If the Keycloak idle session timeout expires, it seems to automatically expire a Wildfly client session too.  In my client application web.xml I have an expiration of 8 hours.  However, it appears the 30 minute default Keycloak idle session expiration is overriding this.   After 30 minutes of idle time if I return to my client application I am logged out and the Keycloak log file contains:

WARN  [org.keycloak.events] (default task-41) type=REFRESH_TOKEN_ERROR, realmId=xxxx, clientId=xxxxx, userId=null, ipAddress=xxx.xx.xx.xxx, error=invalid_token, grant_type=refresh_token, client_auth_method=client-secret

I assume I can bump up Keycloak session idle as a workaround, but this means ALL applications must have a long expiration.  I was wondering if once authenticated to an application on Wildfly that application could control its own JSESSIONID session expiration?   The fact that we set session expiration in two places is confusing as it seems the one in web.xml is not honored.

Ryan




More information about the keycloak-user mailing list