[keycloak-dev] Disabling SAML client
Michal Hajas
mhajas at redhat.com
Mon Dec 7 07:56:40 EST 2015
Hi,
I am wondering what should happen in second scenario below.
I have working SAML client and try to disable client in admin console in next two scenarios:
First:
1. Disable client in admin console
2. Try to access client URL -> I am getting "Login requester not enabled". I think this behavior is correct.
Second:
1. Login to client
2. Disable client in admin console
3. Nothing happens, secured resource is still available, even after some time.
Is it correct? Shouldn't keycloak forbid to refresh token or somehow restrict accessing secured resource?
Thank you,
Michal Hajas.
More information about the keycloak-dev
mailing list