Validate client session timeout and lifetime settings on realm settings edit #44910

@ruchikajha95

Description

The Client Session Idle and Client Session Max values configurable under Realm Settings → Sessions must never exceed the effective realm SSO session settings (SSO Session Idle / Max, and Remember Me settings if enabled).

Since client sessions are always bounded by the user session (SSO), configuring client session values longer than the realm session settings is misleading.
Currently, no validation exists when editing a client, when these client session defaults are edited at the realm level.

Motivation

Adding validation on this screen:

  • Prevents misleading configurations
  • Makes the dependency between realm SSO sessions and client sessions explicit
  • Aligns behavior with existing validation on the Client Settings page

Details

Add validation when editing Client Session Idle and Client Session Max under Realm Settings → Sessions.

The configured values must not exceed:

  • SSO Session Idle
  • SSO Session Max
  • SSO Session Idle Remember Me / Max Remember Me, if Remember Me is enabled

If a client session value exceeds the effective realm session value, show a validation error explaining that:

  • Client sessions are limited by realm SSO sessions
  • Validation should occur only when saving the realm settings

Aligns behavior with existing validation on the Client Settings page.
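
A sketch of the save-time check requested above, as an added example that is not part of the issue or of Keycloak's code base. Field names follow Keycloak's `RealmRepresentation`; the helper names, the treatment of `0` as "not set", and the rule that the effective limit is the larger of the regular and Remember Me values are assumptions.

```typescript
// Added example, not Keycloak code. All values are seconds.
interface RealmSessionSettings {
  ssoSessionIdleTimeout: number;
  ssoSessionMaxLifespan: number;
  rememberMe: boolean;
  ssoSessionIdleTimeoutRememberMe: number;
  ssoSessionMaxLifespanRememberMe: number;
  clientSessionIdleTimeout: number;
  clientSessionMaxLifespan: number;
}
type SessionField = "clientSessionIdleTimeout" | "clientSessionMaxLifespan";
interface SessionValidationError { field: SessionField; limit: number; message: string }

// Assumption: with Remember Me enabled and a Remember Me value set, the
// effective bound is the larger of the regular and Remember Me values.
function effectiveLimit(regular: number, rememberMeValue: number, rememberMe: boolean): number {
  return rememberMe && rememberMeValue > 0 ? Math.max(regular, rememberMeValue) : regular;
}

// Intended to run only on save; returns one error per offending field.
function validateClientSessionSettings(realm: RealmSessionSettings): SessionValidationError[] {
  const checks: Array<[SessionField, string, number]> = [
    ["clientSessionIdleTimeout", "SSO Session Idle",
      effectiveLimit(realm.ssoSessionIdleTimeout, realm.ssoSessionIdleTimeoutRememberMe, realm.rememberMe)],
    ["clientSessionMaxLifespan", "SSO Session Max",
      effectiveLimit(realm.ssoSessionMaxLifespan, realm.ssoSessionMaxLifespanRememberMe, realm.rememberMe)],
  ];
  const errors: SessionValidationError[] = [];
  for (const [field, label, limit] of checks) {
    const value = realm[field];
    // Assumption: 0 means the client session value is unset and inherits the SSO value.
    if (value > 0 && value > limit) {
      errors.push({ field, limit, message:
        `${field} (${value}s) exceeds the effective ${label} (${limit}s); client sessions are limited by realm SSO sessions` });
    }
  }
  return errors;
}

// Constructed sample: 30 min idle / 10 h max, Remember Me off, client idle set to 1 h.
const sample: RealmSessionSettings = {
  ssoSessionIdleTimeout: 1800, ssoSessionMaxLifespan: 36000, rememberMe: false,
  ssoSessionIdleTimeoutRememberMe: 0, ssoSessionMaxLifespanRememberMe: 0,
  clientSessionIdleTimeout: 3600, clientSessionMaxLifespan: 0,
};
console.log(validateClientSessionSettings(sample));
```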
