External authentication: session expiration


I have spent some time understanding how authentication works in Foreman. We have multiple auth sources in Foreman: External, LDAP, internal.

I have a few findings related to the existing auth flows:

  1. For Kerberos authentication, we do get an expiration time in the Kerberos ticket but we still use the idle timeout setting in Foreman to set the session timeout.
  2. In the case of Apache authentication also, we use the same idle timeout setting to set the authentication timeout.

For OpenID Connect, when we get the JWT token, I tried to extract the expiry of the token and set that as the session expiry time. But now, I realize that all the other flows use the idle timeout setting in Foreman. Should we keep that consistent and use the settings for the OpenID Connect session timeout too?
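
The two expiry sources compared in the post, as an added example that is not part of the original post or Foreman's own code: it reads `exp` from a JWT and computes when the session would end under each option. The function and policy names are hypothetical, the token is constructed, the idle timeout is assumed to restart on every request, and `:earliest` is a third option not proposed in the post.

```ruby
require 'json'

# Read the `exp` claim from a compact JWT. Parsing only: the signature is
# assumed to have been verified already by the OpenID Connect layer.
def jwt_expiry(token)
  segments = token.split('.')
  raise ArgumentError, 'not a compact JWT' unless segments.length == 3
  # base64url -> base64, then lenient decode (tolerates stripped padding)
  payload = JSON.parse(segments[1].tr('-_', '+/').unpack1('m'))
  exp = payload['exp']
  raise ArgumentError, 'exp claim missing or not numeric' unless exp.is_a?(Numeric)
  Time.at(exp).utc
end

# Session end time under each candidate policy (hypothetical names).
#   :idle_setting  idle timeout measured from the latest request (assumed sliding)
#   :token_exp     fixed at the token's own expiry, regardless of activity
#   :earliest      whichever of the two comes first (not from the post)
def session_expiry(policy, now:, idle_timeout_minutes:, token_exp:)
  idle = now + idle_timeout_minutes * 60
  case policy
  when :idle_setting then idle
  when :token_exp    then token_exp
  when :earliest     then [idle, token_exp].min
  else raise ArgumentError, "unknown policy #{policy}"
  end
end

def b64url(str)
  [str].pack('m0').tr('+/', '-_').delete('=')
end

# Constructed sample: login time and a token expiring one hour later.
# The third segment is a placeholder, not a real signature.
LOGIN = Time.at(1_700_000_000).utc
SAMPLE_JWT = [
  b64url('{"alg":"RS256"}'),
  b64url(JSON.generate('sub' => 'alice', 'exp' => LOGIN.to_i + 3600)),
  'placeholder-signature'
].join('.')

if __FILE__ == $PROGRAM_NAME
  exp = jwt_expiry(SAMPLE_JWT)
  [LOGIN, LOGIN + 3000].each do |now|   # at login, then a request 50 minutes later
    %i[idle_setting token_exp earliest].each do |policy|
      puts "#{now} #{policy}: " \
           "#{session_expiry(policy, now: now, idle_timeout_minutes: 30, token_exp: exp)}"
    end
  end
end
```

With a 30-minute idle timeout, a request made 50 minutes after login pushes the idle-based expiry past the token's `exp`, which is the case where the two options give different answers.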