We've seen a handful of cases where users' login credentials seem to expire within a few minutes of logging in. If you have AWS credential propagation setup you'll want to check the following values under Central Config (Admin > Advanced):
com.cerebro.domino.auth.aws.sts.enabled
com.cerebro.domino.auth.aws.sts.defaultSessionDuration
com.cerebro.domino.auth.aws.sts.region
You'll find the proper settings for these in our credential propagation docs found here (please select your version of Domino on the bottom left).
The next place to check would be Keycloak. Ou Keycloak timeout settings are 60 days by default. However, this can be adjusted in a handful of ways. Please see the Keycloak documentation for guidance.
If all these settings appear to be correct but users are still being asked to login repeatedly, you may want to adjust the "clock skew" within Keycloak. We suggest starting that at 120s then adjusting up or down depending on how the system responds.
If you're still having trouble diagnosing the issue, please reach out to the support team for help.
Comments
0 comments
Please sign in to leave a comment.