[keycloak-user] How to force a re-authentication using the Keycloak Filter Adapter

[Eric B]

I'm securing a webapp in Wildfly using the Keycloak Servlet Filter Adapter (
https://www.keycloak.org/docs/3.3/securing_apps/topics/oidc/java/servlet-filter-adapter.html)
rather than the Wildfly container adapter.

Overall the filter is great and works very well.  However, I've been trying
to figure out how I can leverage it to force a reauthentication by my
application.  As per the OIDC specs, I know I can pass 'prompt=login' to a
call to Keycloak to force the user to reauthenticate himself, but not sure
how to leverage the adapter to do this for me.

I've noticed some special PreAuthentication hooks in the adapter to handle
callbacks from Keycloak and tried to see if there was anything there, but
they do not seem to handle this type of case.

Are there any special URL parameters I can use that would be recognized and
intercepted by the filter and force a user to reauthenticate themselves?

Thanks,

Eric