Re: [keycloak-user] Forcing reauthentication from a client, even when session is active
At least for my use case, the max_age is moot. Its not by session, but by
And just to be clear - if I'm sending an OIDC request from my client to
keycloak, and the realm is based on SAML, and that realm is ForceAuthn
enabled, then it would reprompt in the IDP (if that's how everything's
configured)
I'm assuming at that point, I would send a Bearer header and parse on the
backend with a JAX-RS adapter?
On Mon, Mar 6, 2017 at 10:04 AM Stian Thorgersen <sthorger(a)redhat.com>
wrote:
As we have prompt=login (I also spotted auth_time in the token) it
would be
really easy to add max_age that would actually be more useful than
prompt=login IMO.
On 6 March 2017 at 15:41, Bill Burke <bburke(a)redhat.com> wrote:
> We support prompt=login.
>
>
> On 3/6/17 9:33 AM, Stian Thorgersen wrote:
> > OIDC has prompt=login and max_age params for it. Pretty sure we don't
> > support either at the moment though.
> >
> > On 6 March 2017 at 15:14, John D. Ament <john.d.ament(a)gmail.com>
wrote:
> >
> >> On Mon, Mar 6, 2017 at 9:12 AM John Dennis <jdennis(a)redhat.com>
wrote:
> >>
> >>> On 03/06/2017 08:47 AM, John D. Ament wrote:
> >>>> Hi,
> >>>>
> >>>> I have a use case where I need to reauthenticate a client, even if
> >> their
> >>>> session is active. I can use the Keycloak javascript adapter on
the
> >>> client
> >>>> side, if needed, and was wondering if this is something built in?
I
> >> was
> >>>> also expecting to leverage either the OIDC or SAML adapter on the
> >> server
> >>>> side. Can that work, regardless or server side adapter?
> >>> In SAML you set ForceAuthn=True in the AuthnRequest.
> >>>
> >>>
> >> This is not SAML specific.
> >>
> >>
> >>> --
> >>> John
> >>> _______________________________________________
> >>> keycloak-user mailing list
> >>> keycloak-user(a)lists.jboss.org
> >>> https://lists.jboss.org/mailman/listinfo/keycloak-user
> >>>
> >> _______________________________________________
> >> keycloak-user mailing list
> >> keycloak-user(a)lists.jboss.org
> >> https://lists.jboss.org/mailman/listinfo/keycloak-user
> >>
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user(a)lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user