pulsejet / nextcloud-oidc-login

Nextcloud login via a single OpenID Connect 1.0 provider
https://apps.nextcloud.com/apps/oidc_login
GNU Affero General Public License v3.0

Session too short (5 mins) #257

Open ramon-roca opened 8 months ago

ramon-roca commented 8 months ago

I have the plugin working successfully together with LDAP, but I'm going crazy trying to make it work properly. Once logged in, sessions get disconnected after just 5 minutes approx. unless they refresh the page, but if, for instance, a user stays on the same page editing a document for more than 5 minutes, they might lose their work. I mean, SSO works, but with these session times, it's almost unusable.

It looks basic, but I've been lost for a few days trying to figure out how to control session times. In the Keycloak OpenID client I've set sessions to a day (Advanced settings: Client Session Idle/Client Session Max), but with no effect at all. Any help will be appreciated!

Here is my config:

  'oidc_login_provider_url' => 'https://<mydomain.org>/auth/realms/master',
  'oidc_login_client_id' => 'cloud',
  'oidc_login_client_secret' => '<redacted>',
  'oidc_login_auto_redirect' => false,
  'oidc_login_end_session_redirect' => false,
  'oidc_login_default_quota' => '1000000000',
  'oidc_login_button_text' => 'My IdM SSO',
  'oidc_login_hide_password_form' => false,
  'oidc_login_use_id_token' => false,
  'oidc_login_attributes' => 
  array (
    'id' => 'sub',
    'name' => 'name',
    'mail' => 'email',
    'home' => 'homeDirectory',
    'ldap_uid' => 'uid',
    'login_filter' => 'realm_access_roles',
    'photoURL' => 'picture',
  ),
  'oidc_login_allowed_groups' => NULL,
  'oidc_login_filter_allowed_values' => NULL,
  'oidc_login_use_external_storage' => false,
  'oidc_login_scope' => 'openid profile',
  'oidc_login_proxy_ldap' => true,
  'oidc_login_disable_registration' => true,
  'oidc_login_redir_fallback' => false,
  'oidc_login_alt_login_page' => 'assets/login.php',
  'oidc_login_tls_verify' => true,
  'oidc_create_groups' => false,
  'oidc_login_webdav_enabled' => false,
  'oidc_login_password_authentication' => false,
  'oidc_login_public_key_caching_time' => 86400,
  'oidc_login_min_time_between_jwks_requests' => 10,
  'oidc_login_well_known_caching_time' => 86400,
  'oidc_login_update_avatar' => false,
  'oidc_login_skip_proxy' => false,
  'oidc_login_code_challenge_method' => '',