Hey, I’m implementing an SSO with an external IdP. The foundation is set and basic features like login and logout work fine. Atm I’m checking how certain edge cases are being handled. One of them is the Login Timeout.
Imagine my application redirecting the user to the Keycloak login page. Suddenly the user has something else to do and leaves their computer for a while. When they return, the Login Timeout has been triggered and Keycloak reloads the page with a message saying the login took too long and the user might reenter their credentials. My problem is that the nonce in the response to the external IdP is empty at that point and thus fails.
Does anyone know why this happens and how I could work around it? A feasible solution would be to redirect the user to a static webpage and explain to them what happened.
I’m using a hybrid flow with response_type code token and I have both Standard and Implicit Flow enabled in the settings of the client.