[keycloak-user] Clarification for using Revocation Policies and Push Revocation

Stian Thorgersen stian at redhat.com
Wed Jan 14 03:07:10 EST 2015



----- Original Message -----
> From: "Mike Kuznetsov" <mikhail.kuznetsov at hp.com>
> To: keycloak-user at lists.jboss.org
> Sent: Tuesday, 13 January, 2015 10:01:08 PM
> Subject: [keycloak-user] Clarification for using Revocation Policies and	Push Revocation
> 
> 
> 
> Hello,
> 
> 
> 
> We are in the process of securing our REST APIs using Keycloak.
> 
> 
> 
> We would like to be able to use the Push Revocation feature. Please clarify
> the following:
> 
> 1. What is the expected behavior of this feature?

The server pushes the revocation time out to all registered applications. All registered applications should store this revocation time and not allow any tokens issues prior.

> 
> 2. Is this feature handled by the application server adapter, and if so,
> where? Or do we need to modify the application itself to support this
> feature?

Yes, all our server side adapters handle this feature themselves. All you need to do is register the admin url for the application in the admin console.

> 
> 
> 
> Thank You,
> 
> - Mikhail Kuznetsov
> 
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user


More information about the keycloak-user mailing list