[keycloak-user] Force additional authentication for specific pages?

Eric B ebenzacar at gmail.com
Sun Jun 3 11:33:07 EDT 2018


I'm not sure how this can be done in Keycloak, but I suspect that it must
be feasible.  Is there a way to use Resources, or something similar, that
would force an already-authenticated user to reauthenticate himself when
accessing a specific set of resources?

For example, if a user wants to access high-level administrative functions,
I would like for the user to reauthenticate themselves again.  This
reauthentication could be valid for a finite period of time (e.g. 5 mins),
before the user would have to once again reauthenticate themselves to
continue using the high-level admin functions.

During the period where the user re-authenticates himself for the
high-level functions, I want his existing Keycloak session to continue as
it was; there should be no interruption in his original session or
credentials.

I've been looking to see if there was a way to use Keycloak Authorization
Resources and Permissions to accomplish this.  Are there any good examples
or docs that could help steer me?  Or am I looking down the wrong path?

Thanks,

Eric

