keycloak-scim/server_admin/topics/sessions/administering.adoc

36 lines
1.6 KiB
Text

=== Administering Sessions
If you go to the `Sessions` left menu item you can see a top level view of the number of sessions that are currently active in the realm.
.Sessions
image:{project_images}/sessions.png[]
A list of clients is given and how many active sessions there currently are for that client. You can also log out all
users in the realm by clicking the `Logout all` button on the right side of this list.
==== Limitations of the `Logout all` Operation
Any SSO cookies set will now be invalid and clients that request authentication in active browser sessions will now have to
re-login. Only certain clients are notified of this logout event, specifically clients that are using the {project_name}
OIDC client adapter. Other client types, such as SAML, will not receive a backchannel logout request.
It is important to note that any outstanding access tokens are not revoked by clicking `Logout all`. They have to
expire naturally. You have to push a <<_revocation-policy, revocation policy>> out to
clients, but that also only works with clients using the {project_name} OIDC client adapter.
==== Application Drilldown
On the `Sessions` page, you can also drill down to each client. This will bring you to the `Sessions` tab of that client.
Clicking on the `Show Sessions` button there allows you to see which users are logged into that application.
.Application Sessions
image:{project_images}/application-sessions.png[]
==== User Drilldown
If you go to the `Sessions` tab of an individual user, you can also view the session information.
.User Sessions
image:{project_images}/user-sessions.png[]