[keycloak-user] Forcing reauthentication from a client, even when session is active

Stian Thorgersen sthorger at redhat.com
Tue Mar 7 03:13:59 EST 2017 

True, I was focusing just on require re-auth every X min. I reckon we
should add max_age and use it for the admin console with a
sensible/configurable timeout.

On 6 March 2017 at 16:11, Bill Burke <bburke at redhat.com> wrote:

> prompt=login is just as useful.  It allows applications to require
> re-authentication in order to perform a specific action in the app.
>
> On 3/6/17 9:55 AM, Stian Thorgersen wrote:
>
> As we have prompt=login (I also spotted auth_time in the token) it would
> be really easy to add max_age that would actually be more useful than
> prompt=login IMO.
>
> On 6 March 2017 at 15:41, Bill Burke <bburke at redhat.com> wrote:
>
>> We support prompt=login.
>>
>>
>> On 3/6/17 9:33 AM, Stian Thorgersen wrote:
>> > OIDC has prompt=login and max_age params for it. Pretty sure we don't
>> > support either at the moment though.
>> >
>> > On 6 March 2017 at 15:14, John D. Ament <john.d.ament at gmail.com> wrote:
>> >
>> >> On Mon, Mar 6, 2017 at 9:12 AM John Dennis <jdennis at redhat.com> wrote:
>> >>
>> >>> On 03/06/2017 08:47 AM, John D. Ament wrote:
>> >>>> Hi,
>> >>>>
>> >>>> I have a use case where I need to reauthenticate a client, even if
>> >> their
>> >>>> session is active.  I can use the Keycloak javascript adapter on the
>> >>> client
>> >>>> side, if needed, and was wondering if this is something built in?  I
>> >> was
>> >>>> also expecting to leverage either the OIDC or SAML adapter on the
>> >> server
>> >>>> side.  Can that work, regardless or server side adapter?
>> >>> In SAML you set ForceAuthn=True in the AuthnRequest.
>> >>>
>> >>>
>> >> This is not SAML specific.
>> >>
>> >>
>> >>> --
>> >>> John
>> >>> _______________________________________________
>> >>> keycloak-user mailing list
>> >>> keycloak-user at lists.jboss.org
>> >>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>> >>>
>> >> _______________________________________________
>> >> keycloak-user mailing list
>> >> keycloak-user at lists.jboss.org
>> >> https://lists.jboss.org/mailman/listinfo/keycloak-user
>> >>
>> > _______________________________________________
>> > keycloak-user mailing list
>> > keycloak-user at lists.jboss.org
>> > https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>
>
>

More information about the keycloak-user mailing list