libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases 1 Packages Activity Actions

KEYCLOAK-14145 OIDC support for Client "offline" session lifespan

Browse source
This commit is contained in:
Yoshiyuki Tabata 2020-05-18 12:20:32 +09:00 committed by Marek Posolda
parent 465e00ccbf
commit ad2f010976
1 changed files with 7 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
server_admin/topics/sessions/timeouts.adoc
View file

@ -41,11 +41,17 @@ greater than 0 it uses the same idle timeout as set in the SSO Session Idle conf
There is a small window of time that is always added to the idle timeout before the session invalidation takes effect. See the note below.
|Offline Session Max Limited
|For <<_offline-access, offline access>>, if this flag is on, Offline Session Max is enabled to control the maximum time the offline token can remain active, regardless of user activity.
|For <<_offline-access, offline access>>, if this flag is on, Offline Session Max is enabled to control the maximum time the offline token can remain active, regardless of user activity. Also Client Offline Session Idle and Client Offline Session Max are enabled.
|Offline Session Max
|For <<_offline-access, offline access>>, this is the maximum time before the corresponding offline token is revoked. This option controls the maximum time the offline token can remain active, regardless of user activity.
|Client Offline Session Idle
|For <<_offline-access, offline access>>, if the user is not active for longer than this timeout, offline token requests will bump the idle timeout. It allows for the specification of a shorter idle timeout of offline token than offline session idle timeout. However, it can be overridden on individual clients. It is an optional configuration and if not set to a value bigger than 0, it uses the same idle timeout set in the Offline Session Idle configuration.
|Client Offline Session Max
|For <<_offline-access, offline access>>, the maximum time before a offline token is expired and invalidated. It allows for the specification of a shorter timeout of offline token than offline session timeout. However, it can be overridden on individual clients. It is an optional configuration and if not set to a value bigger than 0, it uses the same idle timeout set in the Offline Session Max configuration.
|Client Session Idle
|If the user is not active for longer than this timeout, refresh token requests will bump the idle timeout. It allows for the specification of a shorter idle timeout of refresh token than session idle timeout. And it can be overridden on individual clients. It is an optional configuration and if not set to a value bigger than 0 it uses the same idle timeout set in the SSO Session Idle configuration.