Keep session alive

Question?

I am looking for a way to extend Pomerium session automatically if the user is active.
Currently, I am using the default cookie expiration: 14h. I would like to be able to close sooner the user session if the user is not active. I thought about reducing the cookie expiration to 1h but then the user has to login again every 1h.

Ideally, I would like to logout the user after 1h of inactivity or after a day. This would force the user to authentication again every day and also reduce the risk of session staying open if the user does not use the application.

Does Pomerium support such functionality ?

What’s your environment like?

  • Pomerium version: v0.14.2
  • Linux container inside a Kubernetes cluster
  • Traefik is used as Ingress controller
  • Pomerium is used for forward auth from Traefik
  • Keycloak is used as Identity Provider for Pomerium

What’s your config.yaml?

shared_secret: XXXXX
address: :80
insecure_server: true
policy:
- from: https://myapp.external
  to: http://myapp.internal:8080
  allowed_domains:
  - mydomain.com
authenticate_service_url: https://pomerium-authenticate.external
cookie_secret: YYYYY
idp_client_id: keycloak-idp
idp_client_secret: ZZZZZ
idp_provider: oidc
idp_provider_url: https://keycloak.external
idp_qps: 0
authorize_service_url: http://pomerium-authorize.internal
forward_auth_url: http://pomerium-proxy.internal
databroker_service_url: http://pomerium-cache.internal
databroker_storage_type: memory

I am also open to other solutions that could logout the user automatically after a period of inactivity.