10:12 a.m.
+1
We already have support for max_age on the server including some support
in keycloak.js . That was recommended for OIDC certification. Seems that
the only missing part will be the support in the admin console itself.
Marek
On 07/03/17 09:13, Stian Thorgersen wrote:
True, I was focusing just on require re-auth every X min. I reckon
we
should add max_age and use it for the admin console with a
sensible/configurable timeout.
On 6 March 2017 at 16:11, Bill Burke <bburke(a)redhat.com> wrote:
> prompt=login is just as useful. It allows applications to require
> re-authentication in order to perform a specific action in the app.
>
> On 3/6/17 9:55 AM, Stian Thorgersen wrote:
>
> As we have prompt=login (I also spotted auth_time in the token) it would
> be really easy to add max_age that would actually be more useful than
> prompt=login IMO.
>
> On 6 March 2017 at 15:41, Bill Burke <bburke(a)redhat.com> wrote:
>
>> We support prompt=login.
>>
>>
>> On 3/6/17 9:33 AM, Stian Thorgersen wrote:
>>> OIDC has prompt=login and max_age params for it. Pretty sure we don't
>>> support either at the moment though.
>>>
>>> On 6 March 2017 at 15:14, John D. Ament <john.d.ament(a)gmail.com>
wrote:
>>>
>>>> On Mon, Mar 6, 2017 at 9:12 AM John Dennis <jdennis(a)redhat.com>
wrote:
>>>>
>>>>> On 03/06/2017 08:47 AM, John D. Ament wrote:
>>>>>> Hi,
>>>>>>
>>>>>> I have a use case where I need to reauthenticate a client, even
if
>>>> their
>>>>>> session is active. I can use the Keycloak javascript adapter on
the
>>>>> client
>>>>>> side, if needed, and was wondering if this is something built in?
I
>>>> was
>>>>>> also expecting to leverage either the OIDC or SAML adapter on
the
>>>> server
>>>>>> side. Can that work, regardless or server side adapter?
>>>>> In SAML you set ForceAuthn=True in the AuthnRequest.
>>>>>
>>>>>
>>>> This is not SAML specific.
>>>>
>>>>
>>>>> --
>>>>> John
>>>>> _______________________________________________
>>>>> keycloak-user mailing list
>>>>> keycloak-user(a)lists.jboss.org
>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>
>>>> _______________________________________________
>>>> keycloak-user mailing list
>>>> keycloak-user(a)lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user(a)lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user(a)lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>
>
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user