keycloak-scim/server_admin/topics/sessions/timeouts.adoc

46 lines
1.9 KiB
Text
Raw Normal View History

2016-05-27 20:12:07 +00:00
[[_timeouts]]
=== Session and Token Timeouts
{{book.project.name}} gives you fine grain control of session, cookie, and token timeouts. This is all done on the
`Tokens` tab in the `Realm Settings` left menu item.
.Tokens Tab
image:../../{{book.images}}/tokens-tab.png[]
Let's walk through each of the items on this page.
|===
|Configuration|Description
|Revoke Refresh Token
2016-06-06 17:15:23 +00:00
|For OIDC clients that are doing the refresh token flow, this flag, if on, will revoke that refresh token and issue another with the request that the client has to use.
2016-05-27 20:12:07 +00:00
This basically means that refresh tokens have a one time use.
|SSO Session Idle
2016-06-06 17:15:23 +00:00
|Also pertains to OIDC clients. If the user is not active for longer than this timeout, the user session will be invalidated. How is idle time checked?
2016-05-27 20:12:07 +00:00
A client requesting authentication will bump the idle timeout. Referesh token requests will also bump the idle timeout.
|SSO Session Max
|Maximum time before a user session is expired and invalidated. This is a hard number and time. It controls the maximum time
2016-06-06 17:15:23 +00:00
a user session can remain active, regardless of activity.
2016-05-27 20:12:07 +00:00
|Offline Session Idle
2016-06-10 07:13:17 +00:00
|For <<fake/../../sessions/offline.adoc#_offline-access, offline access>>, this is the time the session is allowed to remain idle before the offline token is revoked.
2016-05-27 20:12:07 +00:00
|Access Token Lifespan
2016-06-06 17:15:23 +00:00
|When an OIDC access token is created, this value affects the expiration.
2016-05-27 20:12:07 +00:00
2016-06-10 07:11:35 +00:00
|Access Token Lifespan For Implicit Flow
2016-06-10 07:12:35 +00:00
|With the Implicit Flow no refresh token is provided. For this reason there's a separate timeout for access tokens created with the Implicit Flow.
2016-06-10 07:11:35 +00:00
2016-05-27 20:12:07 +00:00
|Client login timeout
|This is the maximum time that a client has to finish the Authentication Code Flow in OIDC.
|Login timeout
2016-06-06 17:15:23 +00:00
|Total time a login must take. If authentication takes longer than this time then the user will have to start the authentication process over.
2016-05-27 20:12:07 +00:00
|Login action timeout
|Maximum time a user can spend on any one page in the authentication process.
|===