[keycloak-user] Forcing reauthentication from a client, even when session is active

[Stian Thorgersen]

As we have prompt=login (I also spotted auth_time in the token) it would be
really easy to add max_age that would actually be more useful than
prompt=login IMO.

On 6 March 2017 at 15:41, Bill Burke <bburke at redhat.com> wrote:

> We support prompt=login.
>
>
> On 3/6/17 9:33 AM, Stian Thorgersen wrote:
> > OIDC has prompt=login and max_age params for it. Pretty sure we don't
> > support either at the moment though.
> >
> > On 6 March 2017 at 15:14, John D. Ament <john.d.ament at gmail.com> wrote:
> >
> >> On Mon, Mar 6, 2017 at 9:12 AM John Dennis <jdennis at redhat.com> wrote:
> >>
> >>> On 03/06/2017 08:47 AM, John D. Ament wrote:
> >>>> Hi,
> >>>>
> >>>> I have a use case where I need to reauthenticate a client, even if
> >> their
> >>>> session is active.  I can use the Keycloak javascript adapter on the
> >>> client
> >>>> side, if needed, and was wondering if this is something built in?  I
> >> was
> >>>> also expecting to leverage either the OIDC or SAML adapter on the
> >> server
> >>>> side.  Can that work, regardless or server side adapter?
> >>> In SAML you set ForceAuthn=True in the AuthnRequest.
> >>>
> >>>
> >> This is not SAML specific.
> >>
> >>
> >>> --
> >>> John
> >>> _______________________________________________
> >>> keycloak-user mailing list
> >>> keycloak-user at lists.jboss.org
> >>> https://lists.jboss.org/mailman/listinfo/keycloak-user
> >>>
> >> _______________________________________________
> >> keycloak-user mailing list
> >> keycloak-user at lists.jboss.org
> >> https://lists.jboss.org/mailman/listinfo/keycloak-user
> >>
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>