[keycloak-user] How to force a re-authentication using the Keycloak Filter Adapter

Eric B ebenzacar at gmail.com
Fri May 25 10:13:20 EDT 2018


Thanks Luis, but I think that is specific to SAML and not OIDC.
Additionally, I'm not looking to force authentication at every request;
just in specific circumstances when I want an additional layer of
validation.

Thanks,

Eric


On Fri, May 25, 2018 at 3:15 AM, Luis Rodríguez Fernández <uo67113 at gmail.com> wrote:

> Hello Eric,
>
> I still have to try it myself, but perhaps "forceAuthentication=true" in
> your keycloak.xml configuration adaptor could help with this [1].
>
> Hope it helps,
>
> Luis
>
> [1] https://www.keycloak.org/docs/latest/securing_apps/index.html#_saml-general-config
>
> 2018-05-25 4:02 GMT+02:00 Eric B <ebenzacar at gmail.com>:
>
>> I'm securing a webapp in Wildfly using the Keycloak Servlet Filter Adapter
>> (https://www.keycloak.org/docs/3.3/securing_apps/topics/oidc/java/servlet-filter-adapter.html)
>> rather than the Wildfly container adapter.
>>
>> Overall the filter is great and works very well. However, I've been trying
>> to figure out how I can leverage it to force a reauthentication by my
>> application. As per the OIDC specs, I know I can pass 'prompt=login' to a
>> call to Keycloak to force the user to reauthenticate himself, but I'm not
>> sure how to leverage the adapter to do this for me.
>>
>> I've noticed some special PreAuthentication hooks in the adapter to handle
>> callbacks from Keycloak and tried to see if there was anything there, but
>> they do not seem to handle this type of case.
>>
>> Are there any special URL parameters I can use that would be recognized
>> and intercepted by the filter and force a user to reauthenticate themselves?
>>
>> Thanks,
>>
>> Eric
>>
>
>
>
> --
>
> "Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."
>
> - Samuel Beckett
>
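
As an added example (not code from this thread or from the Keycloak adapter), the OIDC side of the question in plain Java: the authorization request carrying `prompt=login`, and the `auth_time` check the application makes on the ID token that comes back. The endpoint, realm, client id, redirect URI and the 60-second limit are assumptions.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.time.Instant;
import java.util.Map;

public class StepUpAuth {
    // Assumed policy: a sensitive action needs a login at most this old.
    static final long MAX_AUTH_AGE_SECONDS = 60;
    static final long CLOCK_SKEW_SECONDS = 5;

    // Authorization request asking the provider to re-authenticate the user.
    // max_age is sent too, because OIDC then requires auth_time in the ID token.
    static String reauthUrl(String authEndpoint, String clientId,
                            String redirectUri, String state, String nonce) {
        return authEndpoint + "?response_type=code&scope=openid"
                + "&client_id=" + enc(clientId)
                + "&redirect_uri=" + enc(redirectUri)
                + "&state=" + enc(state)
                + "&nonce=" + enc(nonce)
                + "&prompt=login&max_age=" + MAX_AUTH_AGE_SECONDS;
    }

    // The request parameters pass through the browser and can be altered there,
    // so the application decides on auth_time from the returned ID token.
    // 'claims' is assumed to come from a token whose signature, issuer,
    // audience and nonce were already verified.
    static boolean isFreshLogin(Map<String, Object> claims, Instant now) {
        Object authTime = claims.get("auth_time");
        if (!(authTime instanceof Number)) {
            return false; // claim missing or malformed: fail closed
        }
        long age = now.getEpochSecond() - ((Number) authTime).longValue();
        return age >= -CLOCK_SKEW_SECONDS && age <= MAX_AUTH_AGE_SECONDS;
    }

    static String enc(String s) { // URLEncoder.encode(String, Charset): Java 10+
        return URLEncoder.encode(s, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) {
        // Constructed sample values (host, realm, client and tokens are made up).
        String endpoint = "https://sso.example.com/auth/realms/demo/protocol/openid-connect/auth";
        System.out.println(reauthUrl(endpoint, "my-webapp",
                "https://app.example.com/secure/confirm", "state-123", "nonce-456"));
        Instant now = Instant.now();
        Map<String, Object> fresh = Map.of("auth_time", now.getEpochSecond() - 10);
        Map<String, Object> stale = Map.of("auth_time", now.getEpochSecond() - 3600);
        System.out.println("fresh login accepted: " + isFreshLogin(fresh, now));
        System.out.println("stale login accepted: " + isFreshLogin(stale, now));
        System.out.println("no auth_time accepted: " + isFreshLogin(Map.of(), now));
    }
}
```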

