Marcus Christie created AIRAVATA-2507:
-----------------------------------------
Summary: Increase Keycloak access token lifetime from default of 5
minutes
Key: AIRAVATA-2507
URL: https://issues.apache.org/jira/browse/AIRAVATA-2507
Project: Airavata
Issue Type: Bug
Components: PGA PHP Web Gateway
Affects Versions: 0.18
Reporter: Marcus Christie
Assignee: Marcus Christie
Default Keycloak Access token lifetime is 5 minutes. This means if the user is
idle in the PGA for 5 minutes or more then they get logged out and can't
successful submit their work. In some cases this means the user loses work.
Here is [documentation on various timeouts in
Keycloak|http://www.keycloak.org/docs/2.5/server_admin/topics/sessions/timeouts.html].
I think two are relevant here:
* Access Token Lifespan - this is the main one that affects access token
lifetime. I think we should make this 30 minutes (at least).
* SSO Session Idle - this timeout also affects access token lifetime. It
defaults to 30 minutes. It resets whenever there is an authentication or the
use of a refresh token. Thus, Keycloak recommends that the Access Token
Lifespan be less than the SSO Session Idle. I think we should make SSO Session
Idle to 1 hour.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
