I am looking for a way to extend Pomerium session automatically if the user is active.
Currently, I am using the default cookie expiration: 14h. I would like to be able to close sooner the user session if the user is not active. I thought about reducing the cookie expiration to 1h but then the user has to login again every 1h.
Ideally, I would like to logout the user after 1h of inactivity or after a day. This would force the user to authentication again every day and also reduce the risk of session staying open if the user does not use the application.
Does Pomerium support such functionality ?
- Pomerium version: v0.14.2
- Linux container inside a Kubernetes cluster
- Traefik is used as Ingress controller
- Pomerium is used for forward auth from Traefik
- Keycloak is used as Identity Provider for Pomerium
shared_secret: XXXXX address: :80 insecure_server: true policy: - from: https://myapp.external to: http://myapp.internal:8080 allowed_domains: - mydomain.com authenticate_service_url: https://pomerium-authenticate.external cookie_secret: YYYYY idp_client_id: keycloak-idp idp_client_secret: ZZZZZ idp_provider: oidc idp_provider_url: https://keycloak.external idp_qps: 0 authorize_service_url: http://pomerium-authorize.internal forward_auth_url: http://pomerium-proxy.internal databroker_service_url: http://pomerium-cache.internal databroker_storage_type: memory
I am also open to other solutions that could logout the user automatically after a period of inactivity.