It should be a pluggable part of the authentication flow and not a
hardcoded element. There is no other way to plug in to the authentication
flow other than creating an authenticator. An authenticator doesn't need to
provide a challenge though so it can be used in this instance.
On Tue, 12 Mar 2019 at 10:57, Mauro de Wit <maurodewit(a)gmail.com> wrote:
Hello,
I am sending this e-mail because I have some questions regarding the
enhancement request that enables configurable session limiting in Keycloak
as discussed here:
https://issues.jboss.org/browse/KEYCLOAK-849 (The developer that Marc Wijma
referred to in his comment as being available for this task is me btw :))
In the comments a solution is proposed that makes use of a custom
Authenticator that is dropped into the authentication flow where it can be
configured. While I can see the benefit of leveraging the existing
components as much as possible (including the configuration options in that
flow), I am wondering if this is the best solution. As far as I can tell,
this component is not performing any authentication at all. Moreover this
functionality operates 'above' the authentication mechanisms and should
apply to all of them.
So is an Authenticator really the desired place to implement this? Or is
this just the quickest route, while not being the most desirable option for
the long term? What would an alternative approach be? That would place
this implementation and configuration in the existing Session configuration
code for instance.
I just now started investigating this task and looking into the options
that would meet our requirements. Hope to hear from you.
Regards
Mauro
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
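
The approach discussed in the thread, sketched as an added example (not code from the thread or from the Keycloak project): an authenticator that never issues a challenge and only enforces a per-user session cap before letting the flow continue. The class name, the `maxSessions` config key, the default of 1 and the evict-oldest policy are assumptions; the calls are the server SPI as it stood around the time of this thread (newer releases expose `getUserSessionsStream` instead of the list-returning `getUserSessions`).

```java
import java.util.Comparator;
import java.util.List;
import java.util.stream.Collectors;

import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.Authenticator;
import org.keycloak.models.AuthenticatorConfigModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserSessionModel;

// Hypothetical class; place it after the step that has identified the user.
public class SessionLimitAuthenticator implements Authenticator {
    static final String MAX_SESSIONS = "maxSessions"; // hypothetical config key

    @Override
    public void authenticate(AuthenticationFlowContext context) {
        int limit = 1; // assumed default when the execution has no config
        AuthenticatorConfigModel cfg = context.getAuthenticatorConfig();
        if (cfg != null && cfg.getConfig() != null && cfg.getConfig().get(MAX_SESSIONS) != null) {
            // A non-numeric value throws here, which fails the login (fail closed).
            limit = Math.max(1, Integer.parseInt(cfg.getConfig().get(MAX_SESSIONS).trim()));
        }
        KeycloakSession session = context.getSession();
        RealmModel realm = context.getRealm();
        // Oldest first, so the sessions evicted are the stalest ones.
        List<UserSessionModel> existing = session.sessions()
                .getUserSessions(realm, context.getUser()).stream()
                .sorted(Comparator.comparingInt(UserSessionModel::getStarted))
                .collect(Collectors.toList());
        // Leave room for the session this login is about to create.
        int excess = existing.size() - (limit - 1);
        for (int i = 0; i < excess; i++) {
            session.sessions().removeUserSession(realm, existing.get(i));
        }
        context.success(); // no challenge is ever presented
    }

    @Override public void action(AuthenticationFlowContext context) { } // unused: no challenge to answer
    @Override public boolean requiresUser() { return true; }
    @Override public boolean configuredFor(KeycloakSession s, RealmModel r, UserModel u) { return true; }
    @Override public void setRequiredActions(KeycloakSession s, RealmModel r, UserModel u) { }
    @Override public void close() { }
}
```

Keycloak discovers authenticators through an `AuthenticatorFactory`, which is where a key such as `maxSessions` would be declared as a configurable property. Because the check lives in one flow, it has to be added to every flow that can create a session, which is the coverage concern raised in the original message.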