From 750dc5c979f9d895afe13e071e469d4b99375a43 Mon Sep 17 00:00:00 2001 From: SilviaAmAm Date: Thu, 17 Oct 2024 14:29:07 +0200 Subject: [PATCH] :memo: [#422] Add explanation for django session timeout config --- backend/docs/devops/index.rst | 15 +++++++++++++++ backend/docs/devops/oidc.rst | 10 ++++++++++ 2 files changed, 25 insertions(+) create mode 100644 backend/docs/devops/index.rst create mode 100644 backend/docs/devops/oidc.rst diff --git a/backend/docs/devops/index.rst b/backend/docs/devops/index.rst new file mode 100644 index 00000000..0c8a2552 --- /dev/null +++ b/backend/docs/devops/index.rst @@ -0,0 +1,15 @@ +.. _devops_index: + +==================== +DevOps documentation +==================== + +Here you can find documentation for DevOps. + +Content +======= + +.. toctree:: + :maxdepth: 3 + + oidc \ No newline at end of file diff --git a/backend/docs/devops/oidc.rst b/backend/docs/devops/oidc.rst new file mode 100644 index 00000000..3d0941d3 --- /dev/null +++ b/backend/docs/devops/oidc.rst @@ -0,0 +1,10 @@ +.. _devops_oidc: + +Configuration for OIDC +====================== + +- ``SESSION_COOKIE_AGE`` should have the same duration as the identity provider. + Otherwise you end up with mismatching sessions between Django and IdP (see Github `issue`_). + For Keycloak, it should match the realm setting ``ssoSessionIdleTimeout``. + +.. _issue: https://github.com/maykinmedia/open-archiefbeheer/issues/422 \ No newline at end of file