Re: [keycloak-dev] Keycloak session limiting (KEYCLOAK-849) (BA-93)

It should be a pluggable part of the authentication flow and not a hardcoded element. There is no other way to plug in to the authentication flow other than creating an authenticator. An authenticator doesn't need to provide a challenge though so it can be used in this instance. On Tue, 12 Mar 2019 at 10:57, Mauro de Wit <maurodewit(a)gmail.com&gt; wrote: > Hello, > > I am sending this e-mail because I have some questions regarding the > enhancement request that enables configurable session limiting in Keycloak > as discussed here: > https://issues.jboss.org/browse/KEYCLOAK-849 (The developer that Marc > Wijma > referred to in his comment as being available for this task is me btw :)) > > In the comments a solution is proposed that makes use of a custom > Authenticator that is dropped into the authentication flow where it can be > configured. While I can see the benefit of leveraging the existing > components as much as possible (including the configuration options in > that > flow), I am wondering if this is the best solution. As far as I can tell, > this component is not performing any authentication at all. Moreover this > functionality operates 'above' the authentication mechanisms and should > apply to all of them. > So is an Authenticator really the desired place to implement this? Or is > this just the quickest route, while not being the most desirable option > for > the long term? What would be an alternative approach be? That would place > this implementation and configuration in the existing Session > configuration > code for instance. > > I just now started investigating this task and looking into the options > that would meet our requirements. Hope to hear from you. > > Regards > > Mauro > > > > _______________________________________________ > keycloak-dev mailing list > keycloak-dev(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-dev >