Change Details

It enables to extend an OpenID Connect refresh token expiration from 30 minutes to 6 hours. It means a user does not have to login with his credentials again during that idle period. For instance when a user logged in into SWH Web Applications using a browser, if he visits the website again during that idle period he will remain connected to his authenticated session. Please note that it does not affect user permissions encoded in OIDC access tokens that are renewed every 5 minutes. ``` 14:50 $ bin/octocatalog-diff --octocatalog-diff-args --no-truncate-details -t staging kelvingrove.internal.softwareheritage.org Found host kelvingrove.internal.softwareheritage.org Cloning into '/tmp/swh-ocd.H42JRbSM/environments/production/data/private'... done. Cloning into '/tmp/swh-ocd.H42JRbSM/environments/staging/data/private'... done. *** Running octocatalog-diff on host kelvingrove.internal.softwareheritage.org I, [2021-05-06T14:51:47.441665 #517780] INFO -- : Catalogs compiled for kelvingrove.internal.softwareheritage.org I, [2021-05-06T14:51:47.702618 #517780] INFO -- : Diffs computed for kelvingrove.internal.softwareheritage.org diff origin/production/kelvingrove.internal.softwareheritage.org current/kelvingrove.internal.softwareheritage.org ******************************************* Keycloak_realm[SoftwareHeritageStaging] => parameters => sso_session_idle_timeout => + 21600 ******************************************* Keycloak_realm[SoftwareHeritage] => parameters => sso_session_idle_timeout => + 21600 ******************************************* Keycloak_realm[master] => parameters => sso_session_idle_timeout => + 21600 ******************************************* *** End octocatalog-diff on kelvingrove.internal.softwareheritage.org ``` Related to T3272

It enables to extend an OpenID Connect refresh token expiration from 30 minutes to one week. It means a user does not have to login with his credentials again during that idle period. For instance when a user logged in into SWH Web Applications using a browser, if he visits the website again during that idle period he will remain connected to his authenticated session. Please note that it does not affect user permissions encoded in OIDC access tokens that are renewed every 5 minutes. ```15:40 $ bin/octocatalog-diff --octocatalog-diff-args --no-truncate-details -t staging kelvingrove.internal.softwareheritage.org Found host kelvingrove.internal.softwareheritage.org Cloning into '/tmp/swh-ocd.tRNPqiYk/environments/production/data/private'... done. Cloning into '/tmp/swh-ocd.tRNPqiYk/environments/staging/data/private'... done. *** Running octocatalog-diff on host kelvingrove.internal.softwareheritage.org I, [2021-05-06T15:41:03.438354 #568859] INFO -- : Catalogs compiled for kelvingrove.internal.softwareheritage.org I, [2021-05-06T15:41:03.694366 #568859] INFO -- : Diffs computed for kelvingrove.internal.softwareheritage.org diff origin/production/kelvingrove.internal.softwareheritage.org current/kelvingrove.internal.softwareheritage.org ******************************************* Keycloak_realm[SoftwareHeritageStaging] => parameters => sso_session_idle_timeout => + 604800 sso_session_max_lifespan => + 2592000 ******************************************* Keycloak_realm[SoftwareHeritage] => parameters => sso_session_idle_timeout => + 604800 sso_session_max_lifespan => + 2592000 ******************************************* Keycloak_realm[master] => parameters => sso_session_idle_timeout => + 604800 sso_session_max_lifespan => + 2592000 ******************************************* *** End octocatalog-diff on kelvingrove.internal.softwareheritage.org ``` Related to T3272

It enables to extend an OpenID Connect refresh token expiration from 30 minutes to 6 hoursone week. It means a user does not have to login with his credentials again during that idle period. For instance when a user logged in into SWH Web Applications using a browser, if he visits the website again during that idle period he will remain connected to his authenticated session. Please note that it does not affect user permissions encoded in OIDC access tokens that are renewed every 5 minutes. ``` 14:50```15:40 $ bin/octocatalog-diff --octocatalog-diff-args --no-truncate-details -t staging kelvingrove.internal.softwareheritage.org Found host kelvingrove.internal.softwareheritage.org Cloning into '/tmp/swh-ocd.H42JRbSMtRNPqiYk/environments/production/data/private'... done. Cloning into '/tmp/swh-ocd.H42JRbSMtRNPqiYk/environments/staging/data/private'... done. *** Running octocatalog-diff on host kelvingrove.internal.softwareheritage.org I, [2021-05-06T14:51:47.441665 #5177805:41:03.438354 #568859] INFO -- : Catalogs compiled for kelvingrove.internal.softwareheritage.org I, [2021-05-06T14:51:47.702618 #5177805:41:03.694366 #568859] INFO -- : Diffs computed for kelvingrove.internal.softwareheritage.org diff origin/production/kelvingrove.internal.softwareheritage.org current/kelvingrove.internal.softwareheritage.org ******************************************* Keycloak_realm[SoftwareHeritageStaging] => parameters => sso_session_idle_timeout => + 21600+ 604800 sso_session_max_lifespan => + 2592000 ******************************************* Keycloak_realm[SoftwareHeritage] => parameters => sso_session_idle_timeout => + 21600+ 604800 sso_session_max_lifespan => + 2592000 ******************************************* Keycloak_realm[master] => parameters => sso_session_idle_timeout => + 21600+ 604800 sso_session_max_lifespan => + 2592000 ******************************************* *** End octocatalog-diff on kelvingrove.internal.softwareheritage.org ``` Related to T3272