Session Expiration and Keycloak #731
-
|
This is probably a keycloak question, but I'm having trouble hunting this down. I'm running into a problem configuring the session expiration. My access token has a 30 minute timeout that I can see in the logs, but the session timeout is configured to 5 minutes. [Tue Nov 09 09:56:12.903209 2021] [auth_openidc:debug] [pid 1691793:tid 1691965] src/util.c(1862): [client 192.168.1.124:43845] oidc_util_set_app_info: setting environment variable "OIDC_access_token_expires: 1636471572" According to the description for OIDCSessionMaxDuration, it defaults to the id token expiration, but I can't find this value in my keycloak token settings. The only token settings set to 5 minutes are the Login action timeout and the user-initiated action lifespan. Does someone know where the id token expiration is configured? Currently using 2.4.8.4. Thanks |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 2 replies
-
|
it seems you're mixing up inactivity timeout and session duration, see: https://github.com/zmartzone/mod_auth_openidc/wiki/Session-management-settings; anyhow, by default the id_token expiry does translate into a timeout in mod_auth_openidc |
Beta Was this translation helpful? Give feedback.
-
|
Possibly. What I'm trying to determine is how to control the id_token expiry in keycloak so it affects the session timeout in mod_auth_openidc. |
Beta Was this translation helpful? Give feedback.
-
|
Sorry, you are 100% right. OIDCSessionInactivityTimeout was the issue. |
Beta Was this translation helpful? Give feedback.
it seems you're mixing up inactivity timeout and session duration, see: https://github.com/zmartzone/mod_auth_openidc/wiki/Session-management-settings; anyhow, by default the id_token expiry does translate into a timeout in mod_auth_openidc