Replies: 1 comment 20 replies
-
|
no additional config is needed; can you provide the (full) server debug logs that show this behaviour? |
Beta Was this translation helpful? Give feedback.
-
|
Thx for your quick responses |
Beta Was this translation helpful? Give feedback.
-
because you've configured |
Beta Was this translation helpful? Give feedback.
-
|
So this OIDCUnAuthAction pass is not per Location, as i configured it only for the /server location but not for |
Beta Was this translation helpful? Give feedback.
-
|
it is per location (that's also why a refresh would trigger full auth) |
Beta Was this translation helpful? Give feedback.
-
|
Is there a possibility to get your support on a per hour basis? |
Beta Was this translation helpful? Give feedback.
-
I have set
OIDCSessionMaxDuration=0
so the session will expire when the id token expires. This seems to work as my id token is valid for 5 min and after 5 mins the log says
[Tue Jan 25 15:17:52.075084 2022] [auth_openidc:warn] [pid 11] [client 10.0.0.2:50353] oidc_check_max_session_duration: maximum session duration exceeded for user: SOMEUSERNAME/, referer:
and the following log is displayed below
[Tue Jan 25 15:18:52.801965 2022] [authz_core:debug] [pid 25] mod_authz_core.c(815): [client 10.0.0.2:50389] AH01626: authorization result of Require valid-user : denied (no authenticated user yet).
But i still can continue after that to use the protected application. i Would expect that i have to relogin, when the session is expired. Did i miss some Config related to session expiration?
When i do then a full reload in the browser a new cookie is created and a new id_token is set in the env vars...
Beta Was this translation helpful? Give feedback.
All reactions