[keycloak-dev] Cleanup of 'Change password' screen in Account app
Bill Burke
bburke at redhat.com
Fri Nov 27 10:23:45 EST 2015
On 11/27/2015 10:19 AM, Stian Thorgersen wrote:
> I guess at least the re-auth part is logic that belongs in the client
> that performs the login.
>
> Question though for authentication levels as well as authentication
> timeout (or whatever you call it) shouldn't a rest service be able to
> say things like I require the user to have authenticated with password +
> otp, and to have authenticated within N minutes?
>
I think SAML has extensions for that. OIDC doesn't.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com