diff --git a/backend/docs/devops/index.rst b/backend/docs/devops/index.rst new file mode 100644 index 00000000..0c8a2552 --- /dev/null +++ b/backend/docs/devops/index.rst @@ -0,0 +1,15 @@ +.. _devops_index: + +==================== +DevOps documentation +==================== + +Here you can find documentation for DevOps. + +Content +======= + +.. toctree:: + :maxdepth: 3 + + oidc \ No newline at end of file diff --git a/backend/docs/devops/oidc.rst b/backend/docs/devops/oidc.rst new file mode 100644 index 00000000..3d0941d3 --- /dev/null +++ b/backend/docs/devops/oidc.rst @@ -0,0 +1,10 @@ +.. _devops_oidc: + +Configuration for OIDC +====================== + +- ``SESSION_COOKIE_AGE`` should have the same duration as the identity provider. + Otherwise you end up with mismatching sessions between Django and IdP (see Github `issue`_). + For Keycloak, it should match the realm setting ``ssoSessionIdleTimeout``. + +.. _issue: https://github.com/maykinmedia/open-archiefbeheer/issues/422 \ No newline at end of file