How to set session expiry time for mod_auth_openidc

Question

We are using OpenID Connect on one of our applications, and implementing with Apache's mod_auth_openidc. Is there a way to set the expiry time of the session? Our current configuration looks like this:

    OIDCProviderMetadataURL https://accounts.google.com/.well-known/openid-configuration
    OIDCClientID XXXXXXXXXXXXXXXXX
    OIDCClientSecret ZZZZZZZZZZZZZZZ
    OIDCRedirectURI https://jZZZZZZZZ.com
    OIDCCryptoPassphrase <password>
    OIDCScope "openid email"
    <Location />
            AuthType openid-connect
            require valid-user
            Require claim hd:xxxxxx
   </Location>

score 3 · Answer 1 · edited Aug 10 '20 at 11:12

3

You can set OIDCSessionMaxDuration as documented in the template .conf file https://github.com/zmartzone/mod_auth_openidc/blob/master/auth_openidc.conf#L529:

# Maximum duration of the application session
# When not defined the default is 8 hours (3600 * 8 seconds).
# When set to 0, the session duration will be set equal to the expiry time of the ID token.
# NB: this can be overridden on a per-OP basis in the .conf file using the key:
# "session_max_duration"
#OIDCSessionMaxDuration <seconds>

edited Aug 10 '20 at 11:12

zb226

9,586
6
49
79

answered Aug 13 '15 at 10:53

Hans Z.

50,496
12
102
115

I have this configured, by still received `oidc_clean_expired_state_cookies` any ideas ? – Ricky Levi Feb 13 '23 at 12:15

How to set session expiry time for mod_auth_openidc

1 Answers1