kiali icon indicating copy to clipboard operation
kiali copied to clipboard
verified publisher icon kiali

Multicluster on openshift - each "session" expires separately

Open nrfox opened this issue 1 year ago • 3 comments

What do you want to improve?

When using multicluster on openshift, each cluster's session should expire separately and be handled the way that session expiration happens for single cluster. It should also include in the pop up which cluster/session is expiring.

What is the current behavior?

Session expiration is handled only for the kiali home cluster.

What is the new behavior?

Session expiration is handled for each cluster.

nrfox avatar Jul 03 '24 17:07 nrfox

Silly question, do we really need session expiration?

jshaughn avatar Jul 03 '24 18:07 jshaughn

Silly question, do we really need session expiration?

Token expiration is a setting on the OAuthClient: https://github.com/kiali/helm-charts/blob/master/kiali-server/templates/oauth.yaml#L21. I'm not sure what the upper bound is on that or whether or not you can disable expiration altogether. But either way expiring the tokens is considered best practice. It'd be nice to implement refresh tokens for openshift and oidc logins so that you don't have to login as often: https://github.com/kiali/kiali/issues/5233

nrfox avatar Jul 03 '24 19:07 nrfox

Needs more input on UX to improve login experience when multiple clusters are expiring at once.

nrfox avatar Aug 14 '24 14:08 nrfox