Overriding OIDC token timeouts: bug or am I overlooking something?

Cantor, Scott cantor.2 at osu.edu
Mon Sep 23 08:27:14 EDT 2019

On 9/22/19, 6:10 PM, "users on behalf of Wessel, Keith" <users-bounces at shibboleth.net on behalf of kwessel at illinois.edu> wrote:

> I asked a couple weeks ago about overriding refresh and access token lifetimes for the OIDC extension. I implemented
> this, but it's causing some very weird behavior. When I put something in like the following, it seems to lose other
> OIDC configuration values.

You should be inheriting all the settings defined on the OIDC.SSO bean, whatever those are, but no other profiles would be enabled for that override. That's how it has always worked. The profileConfigurations property is being overridden en-masse.

-- Scott

More information about the users mailing list