RE: OpenID Connect session is not synced with IdP
When OIDC is enabled, it is possible to configure the refresh interval: System Settings | SSO | OpenID Connect | Token Refresh Scheduled Interval
It gives the false assumption that the session is regularly synced with the IdP; however, looking into the LR code, I can't see any scheduler communicating with the IdP (refreshing the token), let alone utilizing this configured value.
Now, if the IdP session is closed outside of LR, LR can't detect this and log out the user automatically.
Hi Jan,
The scheduler is registered here and the communication towards the OIDC Provider is triggered here and the communication goes here. The process updates the access token expiration date. Were you looking for this?
Nevertheless, your last sentence suggests that something is not working on your side. Does the info above help you to progress in investigating the problem?
Regards,
Zsigmond
I was fooled by the "Offline" prefix of that scheduler assuming it was for something else. And partly also by the GitHub search highlighter showing just the first few occurrences, but I was too impatient and did not seek it further in the remaining code. Finally, I assumed incorrectly the scheduler triggers the refresh at that configured rate, but it does so only if the original token is near expiration. The expiration of the token was greater so I was puzzled why the session was not closed. Now I understand.
Np Jan, the "Offline" may be a bit misleading, indeed.
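A toy model of the behaviour worked out in this thread, added here as an example and not taken from Liferay's code: the scheduler ticks at the configured interval but contacts the IdP only when the access token is near expiration, so a session closed at the IdP is first noticeable on the tick where a refresh is actually attempted. The `near_expiry` window, the `Idp` stub and all names and numbers are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Idp:
    """Constructed stand-in for an OpenID Connect provider (not a real API)."""
    token_lifetime: int                      # seconds an access token is valid
    session_closed_at: Optional[int] = None  # when the IdP session was ended

    def refresh(self, now: int) -> Optional[int]:
        """Return the new token expiry, or None if the IdP session is gone."""
        if self.session_closed_at is not None and now >= self.session_closed_at:
            return None
        return now + self.token_lifetime


def detection_time(idp: Idp, interval: int, near_expiry: int,
                   horizon: int) -> Optional[int]:
    """Time of the first scheduler tick on which the client contacts the IdP
    and the refresh fails; None if that never happens within `horizon`.
    The token is assumed to be issued at t=0."""
    expires_at = idp.token_lifetime
    for now in range(interval, horizon + 1, interval):
        if expires_at - now > near_expiry:
            continue  # token not near expiration: this tick does no IdP call
        new_expiry = idp.refresh(now)
        if new_expiry is None:
            return now  # first moment the closed IdP session is observable
        expires_at = new_expiry
    return None


def detection_delay(token_lifetime: int, closed_at: int, interval: int = 60,
                    near_expiry: int = 120, horizon: int = 86400) -> Optional[int]:
    """Seconds between the IdP session closing and the client noticing."""
    found = detection_time(Idp(token_lifetime, closed_at), interval,
                           near_expiry, horizon)
    return None if found is None else found - closed_at


if __name__ == "__main__":
    # Constructed scenario: IdP session is closed 300 s after login.
    for lifetime in (3600, 300):
        print(f"token lifetime {lifetime:>4}s -> noticed after "
              f"{detection_delay(lifetime, closed_at=300)}s")
```

In this model the delay is governed by the token lifetime set at the IdP, not by the scheduler interval, which only bounds how precisely the near-expiry moment is hit.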