OpenID Connect session is not synced with IdPOpenID Connect session is not synced with IdPhttps://liferay.dev/de/c/message_boards/find_thread?p_l_id=119785294&threadId=1232009032026-04-18T00:32:36Z2026-04-18T00:32:36ZRE: RE: OpenID Connect session is not synced with IdPZsigmond Rabhttps://liferay.dev/de/c/message_boards/find_message?p_l_id=119785294&messageId=1232044462025-01-24T10:42:57Z2025-01-24T10:42:56Z<p>Np Jan, the "<em>Ofline</em>" may be a bit misleading, indeed.</p>Zsigmond Rab2025-01-24T10:42:56ZRE: RE: OpenID Connect session is not synced with IdPJan Tošovskýhttps://liferay.dev/de/c/message_boards/find_message?p_l_id=119785294&messageId=1232045012025-01-24T10:23:09Z2025-01-24T10:23:09Z<p>I was fooled by the "Offline" prefix of that scheduler
assuming it was for something else. And partly also by the GitHub
search highlighter showing just the first few occurrences, but I was
too impatient and did not seek it further in the remaining code.
Finally, I assumed incorrectly the scheduler triggers the refresh at
that configured rate, but it does so only if the original token is
near expiration. The expiration of the token was greater so I was
puzzled why the session was not closed. Now I understand.</p>Jan Tošovský2025-01-24T10:23:09ZRE: OpenID Connect session is not synced with IdPZsigmond Rabhttps://liferay.dev/de/c/message_boards/find_message?p_l_id=119785294&messageId=1232032732025-01-24T10:12:26Z2025-01-23T13:35:31Z<p>Hi Jan,</p>
<p>The scheduler is registered <a
href="https://github.com/liferay/liferay-portal/blob/master/modules/apps/portal-security-sso/portal-security-sso-openid-connect-impl/src/main/java/com/liferay/portal/security/sso/openid/connect/internal/session/manager/OfflineOpenIdConnectSessionManager.java#L175-L180">here</a>
and the communication towards the OIDC Provider is triggered <a
href="https://github.com/liferay/liferay-portal/blob/master/modules/apps/portal-security-sso/portal-security-sso-openid-connect-impl/src/main/java/com/liferay/portal/security/sso/openid/connect/internal/session/manager/OfflineOpenIdConnectSessionManager.java#L428-L432">here</a> and
the communication goes <a
href="https://github.com/liferay/liferay-portal/blob/master/modules/apps/portal-security-sso/portal-security-sso-openid-connect-impl/src/main/java/com/liferay/portal/security/sso/openid/connect/internal/session/manager/OfflineOpenIdConnectSessionManager.java#L428-L432">here</a>.
The process updates the access token expiration date. Were you looking
for this?</p>
<p>Nevertheless, your last sentence suggests that something is not
working on your side. Does the info above help you to progress in
investigating the problem?</p>
<p>Regards,<br> Zsigmond</p>Zsigmond Rab2025-01-23T13:35:31ZOpenID Connect session is not synced with IdPJan Tošovskýhttps://liferay.dev/de/c/message_boards/find_message?p_l_id=119785294&messageId=1232009022025-01-23T06:58:26Z2025-01-22T14:32:22Z<p>When OIDC is enabled, it is possible to configure the refresh
interval: System Settings | SSO | OpenID Connect | Token Refresh
Scheduled Interval</p>
<p>It gives the false assumption the session is regularly synced with
IdP, however, looking into the LR code I can't see any scheduler
communicating with IdP (refreshing the token), let alone utilize this
configured value.</p>
<p>Now, if the IdP session is closed outside of LR, LR can't detect this
and logout the user automatically.</p>Jan Tošovský2025-01-22T14:32:22Z