It's not quite the solution you want, but the SAML spec supports having a
SessionNotOnOrAfter attribute that indicates the max length of time an SP
should have the session last. Currently Keycloak isn't including this
attribute though (see my failed MR
https://github.com/keycloak/keycloak/pull/3250)

Jared

On Thu, Oct 27, 2016 at 9:23 AM, Josh Cain wrote:

> Interesting - and what of the SAML Use case? Typically SAML SP's are
> going to consume the assertion and then establish a session with the
> end user. Seems like a valid use case to notify these consumers so
> that there aren't lingering sessions if their expiry happens to be
> longer than the IDP.
>
> On Thu, 2016-10-27 at 12:15 +0200, Stian Thorgersen wrote:
> > No, there is no notification in this case. Only if user or admin
> > actively logs out the session.
> >
> > As access tokens have short expiration the applications would notice
> > the session idle in either case when trying to refresh the token, so
> > I don't think it's needed.
> >
> > On 27 October 2016 at 11:29, Rickard ?sterg?rd il.com> wrote:
> > >
> > > Hi,
> > >
> > > I have a question about user session expiration.
> > >
> > > When the SSO Session Idle or SSO Session Max times are reached the
> > > auth server will invalidate the user session. Will the clients that
> > > have initiated these sessions be notified? Hence, are the clients
> > > logged out (via the admin url) when the auth server expires a user
> > > session?
> > >
> > > If not, is this a feature that will be implemented in coming
> > > releases?
> > >
> > > Best regards,
> > > Rickard
> > > _______________________________________________
> > > keycloak-user mailing list
> > > keycloak-user at lists.jboss.org
> > > https://lists.jboss.org/mailman/listinfo/keycloak-user
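
An added example, not part of the original thread and not Keycloak or SP adapter code: how a SAML SP could cap its local session at the SessionNotOnOrAfter value discussed above, so the SP session never outlives the IdP's limit. The function names, the sample assertion and the SP lifetime are assumptions; the assertion is assumed to have passed signature validation already.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

AUTHN_STATEMENT = "{urn:oasis:names:tc:SAML:2.0:assertion}AuthnStatement"

# Constructed sample: a stripped-down assertion, assumed already signature-verified.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="_constructed" Version="2.0" IssueInstant="2016-10-27T13:23:00Z">
  <saml:AuthnStatement AuthnInstant="2016-10-27T13:23:00Z"
                       SessionIndex="constructed-session-index"
                       SessionNotOnOrAfter="2016-10-27T13:53:00Z"/>
</saml:Assertion>"""


def parse_saml_time(value):
    """Parse a SAML UTC timestamp ('Z' suffix), with or without fractional seconds."""
    fmt = "%Y-%m-%dT%H:%M:%S.%fZ" if "." in value else "%Y-%m-%dT%H:%M:%SZ"
    return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)


def session_expiry(assertion_xml, now, sp_max_lifetime):
    """Return the SP session expiry, capped by SessionNotOnOrAfter if the IdP sent it.

    Raises ValueError when the IdP's limit has already passed, so no session
    is created from a stale assertion.
    """
    # xml.etree is not hardened against malicious XML; use a hardened parser
    # for input that has not been validated yet.
    root = ET.fromstring(assertion_xml)
    local_expiry = now + sp_max_lifetime
    limits = [
        parse_saml_time(stmt.get("SessionNotOnOrAfter"))
        for stmt in root.iter(AUTHN_STATEMENT)
        if stmt.get("SessionNotOnOrAfter")
    ]
    if not limits:
        # Attribute absent (the Keycloak behaviour described in the thread):
        # only the SP's own lifetime applies.
        return local_expiry
    idp_limit = min(limits)
    if now >= idp_limit:
        raise ValueError("SessionNotOnOrAfter has already passed")
    return min(local_expiry, idp_limit)
```

When the attribute is missing, the SP falls back to its own lifetime, which is exactly the lingering-session case raised in the thread.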