RHIDP-4684 Update Keycloak configuration instructions to improve performance and security

themr0c · themr0c · commit c987a9de63bc · 2024-11-06T17:16:15.000+01:00
Signed-off-by: Fabrice Flore-Thébault &lt;ffloreth@redhat.com&gt;
diff --git a/modules/authentication/proc-enabling-authentication-with-rhsso.adoc b/modules/authentication/proc-enabling-authentication-with-rhsso.adoc
@@ -23,6 +23,11 @@ Save the value for the next step:
 * **Client ID**
 * **Client Secret**
 
+.. Configure your {rhsso} realm for performance and security:
+... Navigate to the **Configure > Realm Settings**.
+... Set the **Access Token Lifespan** to a value greater than 5 min (ideally 10 or 15 minutes) to avoid performance issue caused by unnecessary refresh token requests sent for every API call.
+... Enable the **Revoke Refresh Token** option to improve security by enabling the refresh token rotation strategy.
+
 .. To prepare for the verification steps, in the same realm, get the credential information for an existing user or link:https://docs.redhat.com/en/documentation/red_hat_single_sign-on/7.6/html-single/getting_started_guide/index#create-user_[create a user]. Save the user credential information for the verification steps.
 
 . To add your {rhsso} credentials to your {product-short} secrets, edit your {product-short} secrets, such as `secrets-rhdh`, and add the following key/value pairs:
