[keycloak-user] Validate User Credentials Without Creating a Session
Scott Finlay
scott.finlay at sixt.com
Tue Jan 23 03:49:01 EST 2018
Hi,
We're currently using Keycloak 2.5.5.Final, and in this version it's not possible
to validate a user's credentials (username / password combination) without
actually logging the user in which results in a session (and our sessions are long-
lived). Is there any new functionality introduced in the later versions of Keycloak
to validate the credentials without actually logging the user in?
Our use-case is that we have very long-lived tokens, but we want to require the
user to re-enter his/her password in order to perform some certain sensitive tasks
such as changing the password or username.
If such functionality is not available, would it be possible to add this?
Regards,
Scott
More information about the keycloak-user
mailing list