Manage Session Length
Page Background: This document describes how to manage IDHub session lengths.
Log in to the Keycloak Admin Console and select your realm:
Log in to the Keycloak Admin Console using your Keycloak user name and password.
Select your realm:
After you select your realm, the Realm settings page is shown. Click the Tokens tab to see the following page:
The various parameters that you can set and their purposes are described below:
Configuration | Description |
SSO Session Idle | A user's session is terminated if they are idle for more time than this timeout. When clients request authentication or make a refresh token request, this timeout value is reset. |
SSO Session Max | The maximum time before a user session expires. |
SSO Session Idle Remember Me | This setting is similar to the standard SSO Session Idle configuration but specific to logins with Remember Me enabled. You can specify longer session idle timeouts for users who click Remember Me when logging in. |
SSO Session Max Remember Me | This setting is similar to the standard SSO Session Max but specific to Remember Me logins. You can specify longer sessions for users who click Remember Me when logging in. |
Client Session Idle | If the user is inactive for longer than this timeout, refresh token requests bump the idle timeout. This setting specifies a shorter idle timeout of refresh tokens than the session idle timeout, but you can override it for individual clients. |
Client Session Max | The maximum time before a refresh token expires and is invalidated. This setting specifies a shorter timeout of refresh tokens than the session timeout, but you can override it for individual clients. |
Offline Session Idle | This setting is for offline access. The amount of time the session remains idle before Keycloak revokes its offline token. |
Offline Session Max Limited | This setting is for offline access. If this flag is ON, Offline Session Max can control the maximum time the offline token remains active, regardless of user activity. |
Offline Session Max | This setting is for offline access. It is the maximum time before Keycloak revokes the corresponding offline token. |
Login timeout | The total time that logging in may take. If authentication takes longer than this time, the user must start the authentication process again. |
Login action timeout | The maximum time users can spend on any one page during the authentication process. |
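
The relationships between these settings can be checked offline against a realm export. The following is an added example, not part of the original IDHub documentation: it maps the Admin Console labels to the field names Keycloak uses in its realm JSON representation (values in seconds) and reports inconsistent combinations. The function name and the sample realm values are constructed for illustration.

```python
import json

# Admin Console label -> realm representation field (values are in seconds).
FIELDS = {
    "SSO Session Idle": "ssoSessionIdleTimeout",
    "SSO Session Max": "ssoSessionMaxLifespan",
    "Client Session Idle": "clientSessionIdleTimeout",
    "Client Session Max": "clientSessionMaxLifespan",
    "Login timeout": "accessCodeLifespanLogin",
    "Login action timeout": "accessCodeLifespanUserAction",
}

def audit_session_settings(realm):
    """Return a list of findings for inconsistent session timeouts."""
    v = {label: int(realm.get(field, 0)) for label, field in FIELDS.items()}
    findings = []

    def must_not_exceed(inner, outer):
        # 0 means "not set" (a client-session field then falls back to the
        # SSO value), so only compare when both sides are configured.
        if v[inner] and v[outer] and v[inner] > v[outer]:
            findings.append(f"{inner} ({v[inner]}s) exceeds {outer} ({v[outer]}s)")

    must_not_exceed("SSO Session Idle", "SSO Session Max")
    must_not_exceed("Client Session Idle", "SSO Session Idle")
    must_not_exceed("Client Session Max", "SSO Session Max")
    must_not_exceed("Login action timeout", "Login timeout")
    if not realm.get("offlineSessionMaxLifespanEnabled", False):
        findings.append("Offline Session Max Limited is OFF: "
                        "only Offline Session Idle bounds offline tokens")
    return findings

# Constructed sample shaped like part of a realm export (not a real deployment).
SAMPLE_REALM = json.loads("""{
  "realm": "example-realm",
  "ssoSessionIdleTimeout": 1800,
  "ssoSessionMaxLifespan": 36000,
  "clientSessionIdleTimeout": 3600,
  "clientSessionMaxLifespan": 0,
  "offlineSessionIdleTimeout": 2592000,
  "offlineSessionMaxLifespanEnabled": false,
  "accessCodeLifespanLogin": 1800,
  "accessCodeLifespanUserAction": 300
}""")

if __name__ == "__main__":
    for finding in audit_session_settings(SAMPLE_REALM):
        print("FINDING:", finding)
```
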