[keycloak-user] Different token timeouts for clients under the same realm

Marek Posolda mposolda at redhat.com
Wed Sep 2 01:29:40 EDT 2015 

I am thinking about enable/disable offline tokens per client. So in 
admin console in "Client settings" tab there will be on/off switch 
"Enable offline tokens" and you will be able to request offline token 
for particular client just if switch is enabled. Offline token won't 
never timeout, so there won't be any new option in realm timeout 
settings though.

Marek

On 01/09/15 16:39, robinfernandes . wrote:
> Thank you so much for that information.
> So would these offline tokens be at the realm level as well as 
> currently all token settings are at the realm level?
> Is there a roadmap for the 1.6 release?
>
> Thanks,
> Robin
>
> On Mon, Aug 31, 2015 at 7:27 AM, Stian Thorgersen <stian at redhat.com 
> <mailto:stian at redhat.com>> wrote:
>
>     Sounds like what you might want are offline tokens. They will
>     allow clients to get a permanent token, which can be revoked by a
>     user or admin, but doesn't expire. These should be added to 1.6
>     release.
>
>     ----- Original Message -----
>     > From: "robinfernandes ." <robin1233 at gmail.com
>     <mailto:robin1233 at gmail.com>>
>     > To: keycloak-user at lists.jboss.org
>     <mailto:keycloak-user at lists.jboss.org>
>     > Sent: Friday, 28 August, 2015 12:32:07 PM
>     > Subject: [keycloak-user] Different token timeouts for clients
>     under the same  realm
>     >
>     > Hi All,
>     >
>     > Is there a possibility where we can set different token timeouts
>     for clients
>     > under the same realm?
>     >
>     > The use case why we are trying to achieve this is basically we
>     have 2
>     > applications which require 2 different timeout settings.
>     > We want the web client timeouts to be short since there would be
>     human
>     > intervention there always, however we want our Agent timeouts to
>     be very
>     > large since there might not be anyone to log into it again.
>     >
>     > Using Keycloak we have seen that the timeout settings can be
>     applied only at
>     > the realm level though, which forces us to have each application
>     in a
>     > different realm.
>     >
>     > Can we have the timeout settings at the client(application)
>     level rather than
>     > the realm level so that we can put both the applications in the
>     same realm?
>     >
>     > Thanks & Regards,
>     > Robin
>     >
>     > _______________________________________________
>     > keycloak-user mailing list
>     > keycloak-user at lists.jboss.org <mailto:keycloak-user at lists.jboss.org>
>     > https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20150902/e9546f1d/attachment.html

More information about the keycloak-user mailing list