[keycloak-user] Question re app timeout
Stian Thorgersen
sthorger at redhat.com
Fri Apr 8 01:12:51 EDT 2016
We don't have support for this at the moment and would like to do it at
some point. It would mainly be a matter of adding the authentication time
to the token as well as implementing support for prompt=login (see
http://openid.net/specs/openid-connect-implicit-1_0.html#rfc.section.2.1.1.1
).
You could probably achieve the same with a custom authentication flow and a
custom protocol mapper that adds the authentication time to the token.
On 8 April 2016 at 01:35, Richard Lavallee <rllavallee at hotmail.com> wrote:
> Does anyone know the answer to this?
>
> I want to setup up a Keycloak SSO for, say, five apps: only one of which
> is required (by U.S. State Law) to become logged out upon ten inactive
> minutes timeout.
> How can I achieve this in Keycloak?
>
> So for example: user signs in to Keycloak and begins working in APP1 then
> switches to APP2 and stays there for more than ten minutes. User re-visits
> APP1 which has been idle for more than ten minutes. By law he needs to
> re-authenticate to APP1 even though he remains already authenticated in
> Keycloak. How to force re-authentication for at least APP1?
>
> -Richard
>
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160408/f77cc220/attachment.html
More information about the keycloak-user
mailing list