You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@airavata.apache.org by "Marcus Christie (JIRA)" <ji...@apache.org> on 2017/10/10 20:07:00 UTC
[jira] [Resolved] (AIRAVATA-2507) Increase Keycloak access token
lifetime from default of 5 minutes
[ https://issues.apache.org/jira/browse/AIRAVATA-2507?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Marcus Christie resolved AIRAVATA-2507.
---------------------------------------
Resolution: Fixed
This is in production now.
> Increase Keycloak access token lifetime from default of 5 minutes
> -----------------------------------------------------------------
>
> Key: AIRAVATA-2507
> URL: https://issues.apache.org/jira/browse/AIRAVATA-2507
> Project: Airavata
> Issue Type: Bug
> Components: PGA PHP Web Gateway
> Affects Versions: 0.18
> Reporter: Marcus Christie
> Assignee: Marcus Christie
>
> Default Keycloak Access token lifetime is 5 minutes. This means if the user is idle in the PGA for 5 minutes or more then they get logged out and can't successful submit their work. In some cases this means the user loses work.
> Here is [documentation on various timeouts in Keycloak|http://www.keycloak.org/docs/2.5/server_admin/topics/sessions/timeouts.html]. I think two are relevant here:
> * Access Token Lifespan - this is the main one that affects access token lifetime. I think we should make this 30 minutes (at least).
> * SSO Session Idle - this timeout also affects access token lifetime. It defaults to 30 minutes. It resets whenever there is an authentication or the use of a refresh token. Thus, Keycloak recommends that the Access Token Lifespan be less than the SSO Session Idle. I think we should make SSO Session Idle to 1 hour.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)