Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add docs for web_idle_timeout #42058

Merged
merged 3 commits into from
Jun 3, 2024
Merged

Add docs for web_idle_timeout #42058

merged 3 commits into from
Jun 3, 2024

Conversation

ravicious
Copy link
Member

@ravicious ravicious commented May 27, 2024
edited
Loading

Preview

We got a ticket from a customer who asked if it's possible to increase the timeout in Cloud.

It's not easy to figure this out since the idle timeout is not mentioned explicitly anywhere, other than in the config reference. And even if you find it there, then you need to know that that part of auth service config maps to cluster_networking_config in Cloud. On top of that, editing cluster_networking_config in Cloud clusters used to not work, but this has been fixed a while ago (#18829).

I added tabs for dynamic and static config which I copied from the Okta SSO guide. I know we want to remove them from how-to guides (#38931), but I think they're fine here? It feels important to show how it can be done in both environments. Let me know if I should replace the tabs with something else.

The docs are based on the relevant piece of code in the Web UI:

teleport/web/packages/teleport/src/components/Authenticated/Authenticated.tsx

Lines 116 to 155 in dd33d8d

function startActivityChecker(ttl = 0) {
// adjustedTtl slightly improves accuracy of inactivity time.
// This will at most cause user to log out ACTIVITY_CHECKER_INTERVAL_MS early.
// NOTE: Because of browser js throttling on inactive tabs, expiry timeout may
// still be extended up to over a minute.
const adjustedTtl = ttl - ACTIVITY_CHECKER_INTERVAL_MS;
// See if there is inactive date already set in local storage.
// This is to check for idle timeout reached while app was closed
// ie. browser still openend but all app tabs closed.
if (isInactive(adjustedTtl)) {
logger.warn('inactive session');
session.logout();
return;
}
// Initialize or renew the storage before starting interval.
storageService.setLastActive(Date.now());
const intervalId = setInterval(() => {
if (isInactive(adjustedTtl)) {
logger.warn('inactive session');
session.logout();
}
}, ACTIVITY_CHECKER_INTERVAL_MS);
const throttled = throttle(() => {
storageService.setLastActive(Date.now());
}, ACTIVITY_EVENT_DELAY_MS);
events.forEach(event => window.addEventListener(event, throttled));
function stop() {
throttled.cancel();
clearInterval(intervalId);
events.forEach(event => window.removeEventListener(event, throttled));
}
return stop;
}

teleport/web/packages/teleport/src/components/Authenticated/Authenticated.tsx

Lines 37 to 47 in dd33d8d

const events = [
// Fired from any keyboard key press.
'keydown',
// Fired when a pointer (cursor, pen/stylus, touch) changes coordinates.
// This also handles mouse scrolling. It's unlikely a user will keep their
// mouse still when scrolling.
'pointermove',
// Fired when a pointer (cursor, pen/stylus, touch) becomes active button
// states (ie: mouse clicks or pen/finger has physical contact with touch enabled screen).
'pointerdown',
];

Related issues:

@ravicious ravicious added backport/branch/v13 backport/branch/v14 no-changelog Indicates that a PR does not require a changelog entry backport/branch/v15 labels May 27, 2024
@ravicious ravicious requested a review from kimlisa May 27, 2024 15:23
@github-actions GitHub Actions
Copy link

🤖 Vercel preview here: https://docs-p184ts3dm-goteleport.vercel.app/docs/ver/preview

@github-actions GitHub Actions
Copy link

🤖 Vercel preview here: https://docs-3mzv1opjc-goteleport.vercel.app/docs/ver/preview

kimlisa
kimlisa approved these changes May 28, 2024
View reviewed changes
docs/pages/connect-your-client/web-ui.mdx Outdated Show resolved Hide resolved
ptgott
ptgott reviewed May 29, 2024
View reviewed changes
docs/pages/connect-your-client/web-ui.mdx
`web_idle_timeout` setting.

<Tabs>
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The "Connect your Client" docs are intended for end users instead of admins. Is it possible to rephrase the change to target end users? E.g., we could tell them to have an admin change web_idle_timeout.

Ideally, there would be a reference we could link to from here that explains the fields of cluster_networking_config for admins, but there doesn't seem to be one. I can open an issue so we can add this.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The "Connect your Client" docs are intended for end users instead of admins. Is it possible to rephrase the change to target end users? E.g., we could tell them to have an admin change web_idle_timeout.

Ah, sure, I wasn't aware of that. AFAIK that's the only page dedicated to Web UI, so I didn't even consider putting this anywhere else. I'll adjust the copy a little bit.

Ideally, there would be a reference we could link to from here that explains the fields of cluster_networking_config for admins, but there doesn't seem to be one. I can open an issue so we can add this.

I'd appreciate that, thanks.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added: #42233
I've also approved the PR

@ravicious ravicious requested a review from ptgott May 31, 2024 13:13
@github-actions GitHub Actions
Copy link

🤖 Vercel preview here: https://docs-fzb9jt87r-goteleport.vercel.app/docs/ver/preview

@ravicious ravicious added this pull request to the merge queue Jun 3, 2024
Merged via the queue into master with commit 18abae6 Jun 3, 2024
39 checks passed
@ravicious ravicious deleted the r7s/idle-timeout-docs branch June 3, 2024 09:05
@public-teleport-github-review-bot
Copy link

@ravicious See the table below for backport results.

Branch Result
branch/v13 Failed
branch/v14 Failed
branch/v15 Failed
branch/v16 Create PR

This was referenced Jun 3, 2024
Merged
Merged
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ptgott ptgott ptgott approved these changes

@kimlisa kimlisa kimlisa approved these changes

Assignees
No one assigned
Labels
backport/branch/v13 backport/branch/v14 backport/branch/v15 backport/branch/v16 documentation no-changelog Indicates that a PR does not require a changelog entry size/sm
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@ravicious @ptgott @kimlisa @zmb3