
Manage Session Length

Page Background: This document describes how to manage IDHub session lengths.

Log into Keycloak Admin Console & Select your Realm:

Log into the Keycloak Admin Console using your Keycloak user name and password.

Select your realm:

After selecting your realm, you will be shown the Realm settings page. Click the Tokens tab to see the session and token timeout settings.

The various parameters that you can set and their purposes are described below:

| Configuration | Description |
| --- | --- |
| SSO Session Idle | A user's session is terminated if they are idle for more time than this timeout. When clients request authentication or make a refresh token request, this timeout value is reset. |
| SSO Session Max | The maximum time before a user session expires. |
| SSO Session Idle Remember Me | This setting is similar to the standard SSO Session Idle configuration but specific to logins with Remember Me enabled. You can specify longer session idle timeouts for users who click Remember Me when logging in. |
| SSO Session Max Remember Me | This setting is similar to the standard SSO Session Max but specific to Remember Me logins. You can specify longer sessions for users who click Remember Me when logging in. |
| Client Session Idle | If the user is inactive for longer than this timeout, refresh token requests bump the idle timeout. This setting specifies a shorter idle timeout of refresh tokens than the session idle timeout, but you can override it for individual clients. |
| Client Session Max | The maximum time before a refresh token expires and is invalidated. This setting specifies a shorter timeout of refresh tokens than the session timeout, but you can override it for individual clients. |
| Offline Session Idle | This setting is for offline access. The amount of time the session remains idle before Keycloak revokes its offline token. |
| Offline Session Max Limited | This setting is for offline access. If this flag is ON, Offline Session Max can control the maximum time the offline token remains active, regardless of user activity. |
| Offline Session Max | This setting is for offline access, and it is the maximum time before Keycloak revokes the corresponding offline token. |
| Login timeout | The total time logging in may take. If authentication takes longer than this time, the user must start the authentication process again. |
| Login action timeout | The maximum time users can spend on any one page during the authentication process. |
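
The settings in the table depend on each other, so a realm can end up with values that quietly cancel one another. The following check over a realm's JSON settings is an added example, not IDHub or Keycloak code. The keys are the Keycloak realm attribute names for these settings (values in seconds), the sample realm is constructed, and the treatment of `0` as "inherit" is an assumption noted in the comments.

```python
# Added example, not IDHub or Keycloak code. Keys are Keycloak realm JSON
# attribute names (values in seconds); SAMPLE_REALM is constructed.
SAMPLE_REALM = {
    "ssoSessionIdleTimeout": 1800, "ssoSessionMaxLifespan": 36000,
    "ssoSessionIdleTimeoutRememberMe": 0, "ssoSessionMaxLifespanRememberMe": 0,
    "clientSessionIdleTimeout": 3600, "clientSessionMaxLifespan": 0,
    "offlineSessionIdleTimeout": 2592000,
    "offlineSessionMaxLifespanEnabled": False,
    "offlineSessionMaxLifespan": 5184000,
    "accessCodeLifespanLogin": 1800, "accessCodeLifespanUserAction": 300,
}

def audit_session_settings(realm):
    """Return findings for timeout settings that contradict each other."""
    def secs(key):
        return int(realm.get(key, 0))
    findings = []
    sso_idle, sso_max = secs("ssoSessionIdleTimeout"), secs("ssoSessionMaxLifespan")
    if sso_idle > sso_max:
        findings.append("SSO Session Idle exceeds SSO Session Max, so the idle timeout never applies")
    # Assumption: a Remember Me value of 0 falls back to the standard SSO value.
    rm_idle = secs("ssoSessionIdleTimeoutRememberMe") or sso_idle
    rm_max = secs("ssoSessionMaxLifespanRememberMe") or sso_max
    if rm_idle > rm_max:
        findings.append("SSO Session Idle Remember Me exceeds SSO Session Max Remember Me")
    # Assumption: a client session value of 0 inherits the SSO session value.
    for key, label, limit in (
        ("clientSessionIdleTimeout", "Client Session Idle", sso_idle),
        ("clientSessionMaxLifespan", "Client Session Max", sso_max),
    ):
        if secs(key) > limit:
            findings.append(f"{label} ({secs(key)}s) is longer than the SSO session value ({limit}s)")
    if not realm.get("offlineSessionMaxLifespanEnabled", False):
        findings.append("Offline Session Max Limited is OFF: only Offline Session Idle ends an offline token")
    elif secs("offlineSessionIdleTimeout") > secs("offlineSessionMaxLifespan"):
        findings.append("Offline Session Idle exceeds Offline Session Max")
    if secs("accessCodeLifespanUserAction") > secs("accessCodeLifespanLogin"):
        findings.append("Login action timeout exceeds Login timeout")
    return findings

if __name__ == "__main__":
    for finding in audit_session_settings(SAMPLE_REALM):
        print("FINDING:", finding)
```

Run against the constructed sample, the check reports the client idle timeout that outlasts the SSO idle timeout and the unlimited offline session lifetime.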