Oidc session expires after 8 hours

Hi,

In our organisation we are using the LDAP Dex connector to authenticate to OOD. This is all working fine. A mod_auth_openidc_session cookie is generated.
However after 8 hours inside a running session, a 403 error occurs in the running app (Rstudio,Jupyterlab) because the session cookie expired.

According to the documentation in ood_portal.yml we can set the following values where the 8 hours is default.
oidc_session_inactivity_timeout: 28800
oidc_session_max_duration: 28800

We want to have the session timeout at 12 hours (43200sec) because of long-runnig computations.
If we change this to:
oidc_session_inactivity_timeout: 43200
oidc_session_max_duration: 43200

The session still expires after 8 hours. Inside the session cookie this value is Expires / Max-Age:“Session”. I thinks this means the value from oidc_session_max_duration should apply here.
Is there another setting which needs to be altered?
Thanks in advance,
Regards,
Arthur

John or Travis can probably confirm this but the Dex oidc bits are all set under the hood right? In the ondemand-portal.yml, you are only configuring the LDAP bits for Dex but the Apache → Dex OIDC parts are done automatically? i.e. at the moment there is no way to change those settings unless you go into the final apache config?

You probably need to change the setting on the Dex side as well. From the read of the mod_auth_oidc docs on OIDCSessionMaxDuration, the ID token has an expiration time as well, so I’m guessing that’s what’s expiring though that appears to default to 24 hours in Dex so that may or may not be it.