From 8952d7f1521c48d264bd2a9173ac019196b36e03 Mon Sep 17 00:00:00 2001 From: Hynek Mlnarik Date: Wed, 17 May 2017 16:20:44 +0200 Subject: [PATCH] KEYCLOAK-4627 Documentation for action token timeouts --- server_admin/topics/sessions/timeouts.adoc | 6 ++++++ server_admin/topics/users/credentials.adoc | 3 ++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/server_admin/topics/sessions/timeouts.adoc b/server_admin/topics/sessions/timeouts.adoc index 30228a211f..819972cd1c 100644 --- a/server_admin/topics/sessions/timeouts.adoc +++ b/server_admin/topics/sessions/timeouts.adoc @@ -42,4 +42,10 @@ Let's walk through each of the items on this page. |Login action timeout |Maximum time a user can spend on any one page in the authentication process. + +|User-Initiated Action Lifespan +|Maximum time before an action permit sent by a user (e.g. forgot password e-mail) is expired. This value is recommended to be short because it is expected that the user would react to self-created action quickly. + +|Default Admin-Initiated Action Lifespan +|Maximum time before an action permit sent to a user by an admin is expired. This value is recommended to be long to allow admins send e-mails for users that are currently offline. The default timeout can be overridden right before issuing the token. |=== diff --git a/server_admin/topics/users/credentials.adoc b/server_admin/topics/users/credentials.adoc index 42b1195a71..7569aeb2b8 100644 --- a/server_admin/topics/users/credentials.adoc +++ b/server_admin/topics/users/credentials.adoc @@ -14,7 +14,8 @@ If the `Temporary` switch is on, this new password can only be used once and the logged in. Alternatively, if you have <> set up, you can send an email to the user that asks -them to reset their password. Choose `Update Password` from the `Reset Actions` list box and click `Send Email`. +them to reset their password. Choose `Update Password` from the `Reset Actions` list box and click `Send Email`. You can optionally +set the validity of the e-mail link which defaults to the one preset in `Tokens` tab in the realm settings. The sent email contains a link that will bring the user to the update password screen. ==== Changing OTPs