Force logout does not logout user in first five minutes #686
-
|
Hello, I'm using mod_auth_openidc with keycloak for managing access to a web application. We are using Implicit flow. The web application makes a few XRH requests, which are authenticated with the mod_auth_openidc cookies. But if we go to Keycloak and force Logout the user, it works, unless is in the first five minutes after login. If it is done within those 5 minutes, the session is kept alive for the several minutes. The session disappears from keycloak. If I logout from the user's UI, everything works fine. I'm not sure of which configuration I need to tweak to not have this behavior, or even if it is expected behavior (I guess not). Here is a extract of our conf file: ` OIDCSessionMaxDuration 3600 OIDCRefreshAccessTokenBeforeExpiry 1200 logout_on_error has anyone had this problem before? Thank you for your help |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment
-
|
It was the Keycloak's version, updated to 15 and the error no longer occurs |
Beta Was this translation helpful? Give feedback.
It was the Keycloak's version, updated to 15 and the error no longer occurs