How does overriding the inactivity timeout for a client affect the overall SSL session


Brian Levine

Aug 29, 2022, 3:07:45 PM
to Keycloak User
Hello,

Keycloak allows you to override the inactivity timeout for a specific OIDC client (Advanced->Client Session Idle). But how does this affect the overall SSO session?  For example:

The inactivity timeout for the realm (SSO Session Idle) is 1 hour. This is overridden in "client 1" to be 2 hours. After 1 1/2 hours of inactivity, I should still be able to access resources in client1 without having to re-authenticate, correct? But what about the other clients? Would I still have to re-authenticate for those clients even though I don't have to re-authenticate for client1?

Thanks!


Brian Levine

Aug 29, 2022, 3:45:20 PM
to Keycloak User
Follow-up: Regardless of how this override is supposed to work, I found one issue that indicates that it doesn't actually work at all. See https://github.com/keycloak/keycloak/issues/9896 . I'd still like to understand the intended behavior though.