Configure timeout Keycloak with apache2-oidc


I use keycloak and apache2-oidc in order to protect my application. I have configure the protection and it’s working. However I have many problems with the timeout of tokens. I have not found documentation in order to explain the configuration of auth_openidc.conf in apache2 and the token configuration in Keycloak.

Issues :

  • When my access_token expires and I have not touched to my application : sometimes I have a 401 but when I refresh the page I’m logged.
  • When I am on the login page for a long time I have this error : “Invalid Authentication Response” but when I refresh the page I’m logged.

In Keycloak I configure :

  • Acces Token Lifespan
  • SSO Session Idle

In apache I don’t know how to configure : OIDCStateTimeout and OIDCSessionInactivityTimeout.

Can someone explain to me how to configure these settings ?

PS : Sorry if I made language mistakes, I’m french. :slight_smile:

I have test a configuration, but I don’t understand the result :

My parameters (in order to test and understand) :

In Keycloak :
    SSO Session Idle : 3 minutes (the time to live of refresh token)
    SSO Session Max : 10 Hours (I imagine that's the maximum time of activity)
    Access Token Lifespan : 2 minutes
    Others parameters have long duration > 100 minutes
In mod_auth_openidc
    OIDCRefreshAccessTokenBeforeExpiry 60
    OIDCSessionInactivityTimeout 240
    OIDCStateTimeout 10 (Not a good value, but for testing and to be sure that this value does not interfere.)
    Others Timeout are default configuration

I have test several things : (for the start of connection, I changed the page…)

Before 1 minute : I conserve my Access Token
Between 1 and 3 minutes : I renew my Access Token
Between 3 and 4 minutes : I'm logout
Between 4 and 5 minutes : I'm redirect to logout page then I'm redirect to login page then I'm logging automatically and redirect to home protected page
After 5 minutes : I'm logout

Someone can explain me the behavior “Between 4 and 5 minutes” ?

Nobody to explain me ?