客户端的不同空闲时间-KeyCloak [英] Different Idle times for Clients - KeyCloak

问题描述

我正在使用Keycloak作为我的应用程序的身份验证服务.

I'm using Keycloak as a auth service for my applications.

我们有两个应用程序将使用相同的域进行登录，但是我们希望每个应用程序具有不同的SSO会话空闲时间.

We have two applications that will use the same realm for login, but we would like to have different SSO Session Idle time for each applications.

示例: 应用程序A-我们希望允许最多30分钟的空闲时间 应用程序B-我们希望允许最多45分钟的空闲时间.

Example: Application A - We would like to allow idle time up to 30 minutes Application B - We would like to allow idle time up to 45 minutes.

但是，用于控制空闲时间的设置是在Realm设置中设置的，而不是在客户端设置中设置的，这使我们很难解决上述情况.

However the setting to control the idle time, is set in the Realm settings, and not on the clients settings, which makes it hard for us to solve the scenario above.

反正有没有解决Keycloak的问题-还是可能是在X空闲时间之后从应用程序B发出后台请求?

Is there anyway to solve the problem for Keycloak - Or perhaps by making a background request from Application B after X amount of idle time?

谢谢 丹尼尔

推荐答案

您要实现的目标与SSO是矛盾的. SSO意味着您环境中所有应用程序的单一会话.例如，我打开您的应用程序A，然后在单独的浏览器选项卡中转到应用程序B. 30分钟后，我应该通过超时从应用程序A中注销，但这意味着我的SSO会话应该被终止，这将导致从应用程序B中自动注销.

What you trying to achieve contradicts to what SSO is. SSO means single session for all application from your environment. For example i open your application A and then go to application B in separate browser tab. After 30 minutes i should be logged out from application A by timeout, but it means that my SSO session should be killed and this will lead to auto logout from application B.

因此，如果您真的想做到这一点，则必须将空闲逻辑移至您的应用程序，这样它们才能使全局SSO会话保持活动状态并跟踪每个应用程序的每个用户的当前空闲状态.

So if you really want to make it so far, you have to move idle logic to your applications, so they will keep global SSO session alive and track current idle for every user of every application.

这篇关于客户端的不同空闲时间-KeyCloak的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！