[X] Is the issue report properly structured and detailed with version numbers?
[ ] Is this for Kubeflow development ?
[X] Would you like to work on this issue?
[ ] You can join the CNCF Slack and access our meetings at the Kubeflow Community website. Our channel on the CNCF Slack is here #kubeflow-platform.
Version
1.8
Describe your issue
Hi All,
Facing kubeflow page session expire when it's in ideal for more then 15 min. we want to keep the ideal session more then 1 hour mininum.
As per SSO server side, The default lifetime for the refresh tokens is 15min and Access token is 8 hours.
Kubeflow central dashboard and Jupyter web pages are getting session timeout with in 15 min of time, but it will extend another 15 min if we refresh the central dashboard page manually.
We are running pingid for sso auth.
Details are given below, where we can change the timeout configuration for OIDC, tried with multiple methods and option those are not successful.
Note: Uses are running notebooks for modal testing which taken more then 1 hour and kubeflow page session should not expire.
Environment Details:
Kubeflow Version: v1.8
Kubernetes version: v 1.23.5
Kubeflow setup: followed the kubeflow manifest method.
We are running pingid for sso auth.
OIDC POD Error: After 15 min of ideal session.
time="2024-06-18T15:54:42Z" level=error msg="
Failed to refresh token: oidc: get access token: oauth2: cannot fetch token: 400 Bad Request
\nResponse: {\"error_description\":\"unknown, invalid, or **expired refresh token**\",\"error\":\"invalid_grant\"}" context="session authenticator" ip=10.233.109.143 request="/notebook/tai-titer-da-ws/firsttest/api/kernels?1718726082426"
time="2024-06-18T15:54:42Z" level=info msg="**OAuth2 tokens have expired, revoking OIDC session**" context="session authenticator" ip=10.233.109.143 request="/notebook/tai-titer-da-ws/firsttest/api/kernels?1718726082426"
time="2024-06-18T15:54:42Z" level=info msg="Attempting to revoke refresh token..."
time="2024-06-18T15:54:42Z" level=error msg="Failed to refresh token: oidc: get access token: oauth2: cannot fetch token: 400 Bad Request\nResponse: {\"error_description\":\"unknown, invalid, or expired refresh token\",\"error\":\"invalid_grant\"}" context="session authenticator" ip=10.233.109.143 request="/notebook/tai-titer-da-ws/firsttest/api/terminals?1718726082425"
time="2024-06-18T15:54:42Z" level=info msg="OAuth2 tokens have expired, revoking OIDC session" context="session authenticator" ip=10.233.109.143 request="/notebook/tai-titer-da-ws/firsttest/api/terminals?1718726082425"
time="2024-06-18T15:54:42Z" level=info msg="Attempting to revoke refresh token..."
Validation Checklist
Version
1.8
Describe your issue
Hi All, Facing kubeflow page session expire when it's in ideal for more then 15 min. we want to keep the ideal session more then 1 hour mininum.
Note: Uses are running notebooks for modal testing which taken more then 1 hour and kubeflow page session should not expire.
Environment Details: Kubeflow Version: v1.8 Kubernetes version: v 1.23.5 Kubeflow setup: followed the kubeflow manifest method. We are running pingid for sso auth.
OIDC POD Error: After 15 min of ideal session.
OIDC Provider configuration. File: common/oidc-client/oidc-authservice/base/params.env
Error From Kubeflow page:
Steps to reproduce the issue
Put here any screenshots or videos (optional)
No response