Marcus Christie commented on AIRAVATA-2507:

Created branch AIRAVATA\-2507 off of master, and I've merged it into develop 
for testing.

Still needs testing. I think I'll test this one once I fix setting the admin 
password when creating the Keycloak tenant.

> Increase Keycloak access token lifetime from default of 5 minutes
> -----------------------------------------------------------------
>                 Key: AIRAVATA-2507
>                 URL: https://issues.apache.org/jira/browse/AIRAVATA-2507
>             Project: Airavata
>          Issue Type: Bug
>          Components: PGA PHP Web Gateway
>    Affects Versions: 0.18
>            Reporter: Marcus Christie
>            Assignee: Marcus Christie
> Default Keycloak Access token lifetime is 5 minutes. This means if the user 
> is idle in the PGA for 5 minutes or more then they get logged out and can't 
> successful submit their work. In some cases this means the user loses work.
> Here is [documentation on various timeouts in 
> Keycloak|http://www.keycloak.org/docs/2.5/server_admin/topics/sessions/timeouts.html].
>  I think two are relevant here:
> * Access Token Lifespan - this is the main one that affects access token 
> lifetime. I think we should make this 30 minutes (at least).
> * SSO Session Idle - this timeout also affects access token lifetime.  It 
> defaults to 30 minutes. It resets whenever there is an authentication or the 
> use of a refresh token. Thus, Keycloak recommends that the Access Token 
> Lifespan be less than the SSO Session Idle. I think we should make SSO 
> Session Idle to 1 hour.

This message was sent by Atlassian JIRA

Reply via email to