问题
I'm using Keycloak as a auth service for my applications.
We have two applications that will use the same realm for login, but we would like to have different SSO Session Idle time for each applications.
Example: Application A - We would like to allow idle time up to 30 minutes Application B - We would like to allow idle time up to 45 minutes.
However the setting to control the idle time, is set in the Realm settings, and not on the clients settings, which makes it hard for us to solve the scenario above.
Is there anyway to solve the problem for Keycloak - Or perhaps by making a background request from Application B after X amount of idle time?
Thanks Daniel
回答1:
What you trying to achieve contradicts to what SSO is. SSO means single session for all application from your environment. For example i open your application A and then go to application B in separate browser tab. After 30 minutes i should be logged out from application A by timeout, but it means that my SSO session should be killed and this will lead to auto logout from application B.
So if you really want to make it so far, you have to move idle logic to your applications, so they will keep global SSO session alive and track current idle for every user of every application.
来源:https://stackoverflow.com/questions/63723631/different-idle-times-for-clients-keycloak