[keycloak-user] SAML2.0: support for SessionNotOnOrAfter
Leonid Rozenblyum
lrozenblyum at gmail.com
Mon Jul 23 03:30:13 EDT 2018
Thanks for the great explanation!
Actually I've found 1 more thread related to this question:
http://lists.jboss.org/pipermail/keycloak-user/2018-May/thread.html#14023
On Mon, Jul 23, 2018 at 4:48 AM Dmitry Telegin <dt at acutus.pro> wrote:
> Hi Leonid,
>
> Grepping the Keycloak code shows that it does "know" about
> SessionNotOnOrAfter, that means is able to parse it from XML and
> get/set the value in the model. But that's all, Keycloak doesn't
> actually manipulate this attribute in any way. Seems like bug / missing
> feature to me, but let's see what the Keycloak devs say.
>
> Meanwhile, you could implement a custom ProtocolMapper to populate the
> SessionNotOnOrAfter attribute. (This could have been even easier had
> the script mapper existed for SAML, see KEYCLOAK-5520)
>
> Cheers,
> Dmitry Telegin
> CTO, Acutus s.r.o.
> Keycloak Consulting and Training
>
> Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
> +42 (022) 888-30-71
> E-mail: info at acutus.pro
>
> On Fri, 2018-07-20 at 11:16 +0300, Leonid Rozenblyum wrote:
> > Hello.
> > Does Keycloak support the attribute SessionNotOnOrAfter based on
> > realm
> > settings of session timeout? Maybe some another way to inform Service
> > Provider about the desired session end time?
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
>
More information about the keycloak-user
mailing list