wrote:

Hello Eric, I still have to try it myself, but perhaps "forceAuthentication=true" in your keycloak.xml configuration adaptor could help on this[1] Hope it helps, Luis [1] https://www.keycloak.org/docs/latest/securing_apps/ index.html#_saml-general-config 2018-05-25 4:02 GMT+02:00 Eric B <ebenzacar(a)gmail.com&gt;: > I'm securing a webapp in Wildfly using the Keycloak Servlet Filter > Adapter ( > https://www.keycloak.org/docs/3.3/securing_apps/topics/oidc/ > java/servlet-filter-adapter.html) > rather than the Wildfly container adapter. > > Overall the filter is great and works very well. However, I've been > trying > to figure out how I can leverage it to force a reauthentication by my > application. As per the OIDC specs, I know I can pass 'prompt=login' to a > call to Keycloak to force the user to reauthenticate himself, but not sure > how to leverage the adapter to do this for me. > > I've noticed some special PreAuthentication hooks in the adapter to handle > callbacks from Keycloak and tried to see if there was anything there, but > they do not seem to handle this type of case. > > Are there any special URL parameters I can use that would be recognized > and > intercepted by the filter and force a user to reauthenticate themselves? > > Thanks, > > Eric > _______________________________________________ > keycloak-user mailing list > keycloak-user(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user > -- "Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better." - Samuel Beckett