keycloak-scim/server_admin/topics/sessions/administering.adoc

37 lines
1.6 KiB
Text
Raw Normal View History

2016-05-27 20:12:07 +00:00
=== Administering Sessions
If you go to the `Sessions` left menu item you can see a top level view of the number of sessions that are currently active in the realm.
.Sessions
image:../../{{book.images}}/sessions.png[]
A list of clients is given and how many active sessions there currently are for that client. You can also logout all
users in the realm by clicking the `Logout all` button on the right side of this list.
==== Logout All Limitations
Any SSO cookies set will now be invalid and clients that request authentication in active browser sessions will now have to
2016-06-10 06:59:58 +00:00
re-login. Only certain clients are notified of this logout event, specifically clients that are using the {{book.project.name}}
2016-05-27 20:12:07 +00:00
OIDC client adapter. Other client types (i.e. SAML) will not receive a backchannel logout request.
It is important to note that any outstanding access tokens are not revoked by clicking `Logout all`. They have to
expire naturally. You have to push a <<fake/../../sessions/revocation.adoc#_revocation-policy, revocation policy>> out to
clients, but that also only works with clients using the {{book.project.name}} OIDC client adapter.
==== Application Drilldown
On the `Sessions` page, you can also drill down to each client. This will bring you to the `Sessions` tab of that client.
Clicking on the `Show Sessions` button there allows you to see which users are logged into that application.
.Application Sessions
image:../../{{book.images}}/application-sessions.png[]
==== User Drilldown
2016-06-06 17:15:23 +00:00
If you go to the `Sessions` tab of an individual user, you can also view the session information.
2016-05-27 20:12:07 +00:00
.User Sessions
image:../../{{book.images}}/user-sessions.png[]