airavata-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF subversion and git services (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (AIRAVATA-2507) Increase Keycloak access token lifetime from default of 5 minutes
Date Tue, 08 Aug 2017 18:27:00 GMT

    [ https://issues.apache.org/jira/browse/AIRAVATA-2507?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16118807#comment-16118807
] 

ASF subversion and git services commented on AIRAVATA-2507:
-----------------------------------------------------------

Commit a7573b2fb2a323ef2608d5c9c5f7c9e7d87fdac0 in airavata's branch refs/heads/develop from
[~marcuschristie]
[ https://git-wip-us.apache.org/repos/asf?p=airavata.git;h=a7573b2 ]

Merge branch 'AIRAVATA-2507' into develop


> Increase Keycloak access token lifetime from default of 5 minutes
> -----------------------------------------------------------------
>
>                 Key: AIRAVATA-2507
>                 URL: https://issues.apache.org/jira/browse/AIRAVATA-2507
>             Project: Airavata
>          Issue Type: Bug
>          Components: PGA PHP Web Gateway
>    Affects Versions: 0.18
>            Reporter: Marcus Christie
>            Assignee: Marcus Christie
>
> Default Keycloak Access token lifetime is 5 minutes. This means if the user is idle in
the PGA for 5 minutes or more then they get logged out and can't successful submit their work.
In some cases this means the user loses work.
> Here is [documentation on various timeouts in Keycloak|http://www.keycloak.org/docs/2.5/server_admin/topics/sessions/timeouts.html].
I think two are relevant here:
> * Access Token Lifespan - this is the main one that affects access token lifetime. I
think we should make this 30 minutes (at least).
> * SSO Session Idle - this timeout also affects access token lifetime.  It defaults to
30 minutes. It resets whenever there is an authentication or the use of a refresh token. Thus,
Keycloak recommends that the Access Token Lifespan be less than the SSO Session Idle. I think
we should make SSO Session Idle to 1 hour.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message