JS7 JobScheduler

Space shortcuts

Page tree

Versions Compared

Old Version 13

changes.mady.by.user Andreas Püschel

Saved on

compared with

New Version 14

changes.mady.by.user Uwe Risse

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

If no Keycloak Client is present then it can be added in Keycloak. 

  • Enabled: On
  • Direct Access Grants Enabled: On
  • Client Protocol: openid-connect
  • Access  Type: confidental
  • Credentials/Client Authenticator: Client ID and Secret
  • Roles: New roles can be added to the Client.

...

When a user logs in to the JOC Cockpit then user credentials are forwarded to the Keycloak Server that authenticates the user and returns an access token.

  • Realms/Tokens
    • Access Token Lifespan: After the lifespan an access token will expire. The access token is automatically renewed by JOC Cockpit 20s before expiration. If Client Session Idle is shorter than Access Token Lifespan access token will be renewed 20s before Client Session Idle expires.
    • Client Session Idle: After the idle timeout an access token the session will expire. The access token and implicit the session is automatically renewed by JOC Cockpit 20s before idle timeout.
    • Client Session Max: After this period a token session can no longer be renewed. It is recommended to set this value to a larger value then the session timeout configured in JOC Cockpit.
    • SSO Session Idle: Used when Client Session Idle is not set.
    • SSO Session Max: Used when Client Session Max is not set.

...