Re: [keycloak-dev] session_state changed to ClientSession id?

Thursday, 19 February 2015

On 2/19/2015 1:10 AM, Stian Thorgersen wrote:
...

 ----- Original Message -----
> From: "Bill Burke" <bburke(a)redhat.com&gt;
> To: keycloak-dev(a)lists.jboss.org
> Sent: Thursday, February 19, 2015 4:25:48 AM
> Subject: [keycloak-dev] session_state changed to ClientSession id?
>
> Can I change the session_state in the access token (and refresh token)
> to point to ClientSession id instead?  Right now it points to the user
> session id.

 What's the benefits of doing that?

 It might have some impact on the Infinispan provider. For best performance user sessions
should be retrieved by id, which we won't be able to do if we don't have it.

Access and refresh tokens should be associated with a client session so 
that we can track back an audit.  For claim mapping, I'm also allowing 
admins to map client session notes into the token.  There might be 
temporary protocol specific information stored there.

I can just add a new client_session claim if needed.

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

Re: [keycloak-dev] session_state changed to ClientSession id?