This document outlines how to change the Keycloak default token lifetime or the token lifetime for a specific client.
Note: The default value for these settings is 365 days.
Log in to Keycloak with the default admin credentials.
Point a browser at https://auth.SYSTEM_DOMAIN_NAME/keycloak/admin, replacing SYSTEM_DOMAIN_NAME with the actual NCN's DNS name.
The following is an example URL for a system: https://auth.cmn.system1.us.cray.com/keycloak/admin
Use the following admin login credentials:
- Username: admin
- The password can be obtained with the following command:

      kubectl get secret -n services keycloak-master-admin-auth \
          --template={{.data.password}} | base64 --decode

To change the default token lifetime:
- Select Realm Settings under Configure on the left of the admin page.
- Select the Tokens tab.
- Change the following options to the appropriate lifetime values:
  - SSO Session Idle
  - SSO Session Max
  - Access Token Lifespan
  - Access Token Lifespan for Implicit Flow
- Click Save at the bottom of the page.
To change the token lifetime for a specific client:
- Select Clients under Configure on the left of the admin page.
- Select the client that you wish to change the token lifetime for.
- Expand Advanced Settings.
- Change the Access Token Lifespan to the appropriate lifetime value.
- Click Save at the bottom of the page.
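
To confirm that the change took effect, or to find clients still at the 365-day default, the lifetimes can be checked from a realm export. The following is an added example, not part of the original procedure. It assumes the field names of Keycloak's realm and client JSON representations (values in seconds); the realm name, client IDs, and one-day policy limit are constructed for illustration.

```python
# Realm-level fields in Keycloak's realm JSON (values in seconds), mapped to
# the labels shown on the Tokens tab.
REALM_FIELDS = {
    "ssoSessionIdleTimeout": "SSO Session Idle",
    "ssoSessionMaxLifespan": "SSO Session Max",
    "accessTokenLifespan": "Access Token Lifespan",
    "accessTokenLifespanForImplicitFlow": "Access Token Lifespan for Implicit Flow",
}
CLIENT_ATTR = "access.token.lifespan"  # per-client override, stored as a string
DAY = 86400  # seconds


def audit_lifetimes(realm, max_seconds):
    """Return (scope, setting, seconds) for every lifetime above max_seconds."""
    findings = []
    for field, label in REALM_FIELDS.items():
        value = realm.get(field)
        if isinstance(value, int) and value > max_seconds:
            findings.append(("realm", label, value))
    for client in realm.get("clients") or []:
        raw = str((client.get("attributes") or {}).get(CLIENT_ATTR) or "").strip()
        if not raw.isdigit():
            continue  # unset means the client inherits the realm value
        if int(raw) > max_seconds:
            findings.append((client.get("clientId", "?"), "Access Token Lifespan", int(raw)))
    return findings


# Constructed sample, shaped like json.load() of a realm export: the realm is
# still at the 365-day default and one client carries a 365-day override.
SAMPLE = {
    "realm": "example-realm",  # hypothetical realm name
    "ssoSessionIdleTimeout": 31536000,
    "ssoSessionMaxLifespan": 31536000,
    "accessTokenLifespan": 31536000,
    "accessTokenLifespanForImplicitFlow": 900,
    "clients": [
        {"clientId": "example-client-a", "attributes": {"access.token.lifespan": "300"}},
        {"clientId": "example-client-b", "attributes": {"access.token.lifespan": "31536000"}},
        {"clientId": "example-client-c", "attributes": {}},
    ],
}

if __name__ == "__main__":
    # The one-day limit is an assumed policy value, not one from this document.
    for scope, setting, seconds in audit_lifetimes(SAMPLE, max_seconds=DAY):
        print(f"{scope}: {setting} = {seconds}s ({seconds / DAY:.0f} days)")
```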