I'm using pac4j and Shiro with Keycloak.
I'm getting the following error message:
Unable to renew the user profile for key: KeycloakOidcClient: org.pac4j.core.exception.TechnicalException: Bad token response, error=invalid_grant, description=Token is not active
The error message occurs as soon as my session has expired and I try to use my web app again. It's raised in this pac4j class: org.pac4j.oidc.credentials.authenticator.OidcAuthenticator.executeTokenRequest(OidcAuthenticator.java:206)
Shiro.ini
# Keycloak
oidcConfig = org.pac4j.oidc.config.KeycloakOidcConfiguration
oidcConfig.realm = gixx
oidcConfig.baseUri = http://localhost:9009/auth
oidcConfig.discoveryURI = http://localhost:9009/auth/realms/myrealm/.well-known/openid-configuration
oidcConfig.clientId = myclient
oidcConfig.secret = xasasasasasasassasa
oidcConfig.clientAuthenticationMethodAsString = client_secret_basic
oidcConfig.useNonce = true
oidcConfig.scope = openid
oidcConfig.responseType = code
oidcConfig.withState = false
Where do I define the session expiration time? Is this defined in Keycloak? Or do I also use Shiro here:
# Session Timeout 8 hours
sessionManager.globalSessionTimeout= 28800000
On every request, pac4j checks if the profile is expired and if so, tries to renew it.
You should have a shorter web session than the lifetime of the pac4j profile = the access token lifetime.
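
One way to check the relationship described in the answer above, as an added example that is not part of the original posts or of pac4j: it reads `sessionManager.globalSessionTimeout` from shiro.ini text and compares it with the `exp - iat` lifetime of an access token. The helper names, the sample token and its 300-second lifetime are constructed assumptions; the token is decoded without signature verification, only to read its timestamps.

```python
import base64
import json
import re

def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying the signature (timestamps only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def token_lifetime_ms(token):
    """Lifetime of the token in milliseconds, from its iat and exp claims."""
    claims = jwt_claims(token)
    return (claims["exp"] - claims["iat"]) * 1000

def shiro_session_timeout_ms(ini_text):
    """Value of sessionManager.globalSessionTimeout, or None if it is not set."""
    m = re.search(r"^\s*sessionManager\.globalSessionTimeout\s*=\s*(\d+)\s*$",
                  ini_text, re.MULTILINE)
    return int(m.group(1)) if m else None

def check(ini_text, access_token):
    """Report whether the web session ends before the access token does."""
    session_ms = shiro_session_timeout_ms(ini_text)
    token_ms = token_lifetime_ms(access_token)
    return {"session_ms": session_ms, "token_ms": token_ms,
            "ok": session_ms is not None and session_ms < token_ms}

def make_sample_token(iat, lifetime_s):
    """Constructed, unsigned sample token (not issued by a real Keycloak)."""
    def b64(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([b64({"alg": "none"}), b64({"iat": iat, "exp": iat + lifetime_s}), ""])

if __name__ == "__main__":
    token = make_sample_token(1700000000, 300)  # assumed 300 s access token lifetime
    ini = "# Session Timeout 8 hours\nsessionManager.globalSessionTimeout= 28800000\n"
    print(check(ini, token))
```

With the 8-hour timeout from the question and the assumed 300-second token, `ok` is false: the web session outlives the token, which is the situation in which the renewal attempt is made.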