On Wed, 4 Jan 2017 14:40:06 -0500 Ravi wrote: RN> With SSO the client sends the client secret to SSO which is stored in the RN> session. Now when the clients session expires all the information including RN> the client secret is lost when the session is purged by the application RN> server.
Is the session expiration time configurable? RN> 1. login to webadmin RN> 2. Leave the session until session time out on engine and user is RN> redirected to login page (the client id and secret are sent) RN> 3. If user tries to login now everything will be fine but if user leaves RN> and the session expires the session is purged, client secret is lost RN> 4. User enters user name password on the screen after coming back. The RN> login form does not have a session associated with it so the client and RN> secret are not found and SSO needs to report that the session has expired RN> and redirect user to welcome page. So in step 4, can't it just start a new session instead of going to an expiration page? Or show the page for a few seconds and then start a new session? Or in step 2, set a refresh on the login page that still has a session so that when the session expires it will redirect to a login screen that will start a new session? Robert -- Senior Software Engineer @ Parsons
pgpTUCYHmj98k.pgp
Description: OpenPGP digital signature
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
