Details
-
Suggestion
-
Resolution: Duplicate
-
None
-
None
Description
It would be very useful if token expiration times could be configured per application.
We have two desktop applications under development, which both require that user's authentication token is valid for a long time. Since we use Crowd for web application SSO the timeout is set to few hours which is not enough for the desktop applications. Now we have to work around the problem by implementing a keep-alive thread that keeps each authentication token valid by refreshing it with Crowd. This creates unnecessary load and feels like a bad solution. A more elegant way would be to keep the expiration handling in Crowd.
I created a new issue for this, since http://jira.atlassian.com/browse/CWD-340 seems to request configurable application timeouts in SSO context. In this case there is no need for SSO because user can't switch for application to another.