65 lines
No EOL
2.6 KiB
Text
65 lines
No EOL
2.6 KiB
Text
|
|
=== Administering sessions
|
|
|
|
To see a top-level view of the active clients and sessions in {project_name}, click *Sessions* from the menu.
|
|
|
|
.Sessions
|
|
image:{project_images}/sessions.png[Sessions tab]
|
|
|
|
ifeval::[{project_community}==true]
|
|
==== Signing out all active sessions
|
|
|
|
You can sign out all users in the realm. From the *Action* list, select *Sign out all active sessions*. All SSO cookies become invalid. {project_name} notifies clients by using the {project_name} OIDC client adapter of the logout event. Clients requesting authentication within active browser sessions must log in again. Client types such as SAML do not receive a back-channel logout request.
|
|
|
|
[NOTE]
|
|
====
|
|
Clicking *Sign out all active sessions* does not revoke outstanding access tokens. Outstanding tokens must expire naturally. For clients using the {project_name} OIDC client adapter, you can push a <<_revocation-policy, revocation policy>> to revoke the token, but this does not work for other adapters.
|
|
====
|
|
|
|
==== Viewing client sessions
|
|
|
|
.Procedure
|
|
. Click *Clients* in the menu.
|
|
. Click the *Sessions* tab.
|
|
. Click a client to see that client's sessions.
|
|
+
|
|
.Client sessions
|
|
image:{project_images}/client-sessions.png[Client sessions]
|
|
|
|
==== Viewing user sessions
|
|
|
|
.Procedure
|
|
. Click *Users* in the menu.
|
|
. Click the *Sessions* tab.
|
|
. Click a user to see that user's sessions.
|
|
+
|
|
.User sessions
|
|
image:{project_images}/user-sessions.png[User sessions]
|
|
endif::[]
|
|
ifeval::[{project_product}==true]
|
|
|
|
==== The *Logout all* Operation
|
|
|
|
You can log out all users in the realm by clicking the *Logout all* button.
|
|
|
|
When you click the *Logout all* button, all SSO cookies become invalid, and clients requesting authentication within active browser sessions must log in again. {project_name} notifies clients by using the {project_name} OIDC client adapter of the logout event. Client types such as SAML do not receive a back-channel logout request.
|
|
|
|
[NOTE]
|
|
====
|
|
Clicking *Logout all* does not revoke outstanding access tokens. Outstanding tokens must expire naturally. For clients using the {project_name} OIDC client adapter, you can push a <<_revocation-policy, revocation policy>> to revoke the token, but this does not work for other adapters.
|
|
====
|
|
|
|
==== Application navigation
|
|
|
|
On the `Sessions` page, you can click on each client to go to that client's `Sessions` tab. Click the *Show Sessions* button there to see which users are in the application.
|
|
|
|
.Application sessions
|
|
image:{project_images}/client-sessions.png[]
|
|
|
|
==== User navigation
|
|
|
|
If you go to the `Sessions` tab of an individual user, you can also view the user's session information.
|
|
|
|
.User Sessions
|
|
image:{project_images}/user-sessions.png[]
|
|
endif::[] |