On 5.2.2018 at 09:18, Marek Posolda wrote:
Few tips:
- If you enable "Remember me" for the realm, the KEYCLOAK_IDENTITY
cookie won't be cleared at the end of browser session.
- There is callback "onTokenExpired", which you can use in keycloak.js
adapter when the accessToken is expired. You will be redirected back
to Keycloak server and re-logged with SSO (as long as
KEYCLOAK_IDENTITY is still valid).
The approach with "token" may work, but I would personally use the
approach with shorter token timeouts and redirect to the SSO, assuming
that rememberMe will work. This has some downsides (redirect to the
Keycloak needed periodically, rememberMe available), so not sure if it
works for you. If you want the approach with "token", you may need to
disable session iframe in that case (as the SSO session on Keycloak
side may no longer be valid after browser restart).
One thing, I am not 100% sure if you need to disable session iframe if
you want to use "token" approach. Just a tip, that it's maybe a reason
why it doesn't work for you, but don't know for sure.
Marek
On 4.2.2018 at 14:48, Ori Doolman wrote:
> Hi,
> My web application is using the Keycloak JS adapter, and I'm using the
> 'implicit' flow for getting the access token.
> I have a requirement to prevent the user from keying in passwords again
> for 24 hours (assuming the token is expired after 24 hours), even after
> the browser is closed and re-opened.
>
> There is a cookie called 'KEYCLOAK_IDENTITY', which I assume preserves the
> login state, but it is a session cookie and it is deleted after closing
> the browser window.
> I also see that in the initOptions of the adapter, I can pass an existing
> access token by the 'token' property. Hence, I was thinking to persist the
> 24-hour access token into localStorage and then read it and pass it as part
> of initOptions to the adapter when my application starts.
> However, I cannot make it work and I'm not even sure this is possible to do.
>
> Is it possible to use the 'token' initOption like that?
> If not, is there a recommended approach for implementing such a requirement?
>
>
> Thanks,
>
> Ori Doolman
> Lead Software Architect
> Amdocs Optima
>
> +972 9 778 6914 (office)
> +972 50 9111442 (mobile)
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
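
The short-timeout approach from Marek's reply, sketched as an added example that is not part of the original thread. The function names are hypothetical, and `keycloak` is assumed to be an adapter instance the page created with `new Keycloak(...)`; "Remember me" is assumed to be enabled on the realm.

```javascript
// Added example: wiring keycloak.js so that an expired access token leads to
// an SSO redirect instead of a token persisted in localStorage.
// Function names are hypothetical; `keycloak` is an existing adapter instance.

function initWithSsoRelogin(keycloak) {
  // Implicit flow issues no refresh token, so an expired access token can
  // only be replaced by going back to the Keycloak server. While the
  // KEYCLOAK_IDENTITY cookie is still valid, that redirect completes
  // without a password prompt.
  keycloak.onTokenExpired = function () {
    keycloak.login();
  };

  // 'login-required' sends the browser to Keycloak at startup; after a
  // browser restart the remembered SSO session logs the user back in.
  // No `token` is passed in, so nothing has to survive in localStorage.
  return keycloak.init({
    flow: 'implicit',
    onLoad: 'login-required'
  });
}

// Call before starting something the user should not lose (for example
// before opening a long form): redirect now if the token has fewer than
// `minValiditySeconds` left, rather than being interrupted mid-way.
// Returns true when a redirect was triggered.
function reloginIfExpiringSoon(keycloak, minValiditySeconds) {
  // isTokenExpired() throws when there is no parsed token, so check first.
  if (!keycloak.authenticated || keycloak.isTokenExpired(minValiditySeconds)) {
    keycloak.login();
    return true;
  }
  return false;
}
```

With this wiring the access token lifespan can stay short, and the 24-hour requirement is carried by the SSO session and the remembered cookie rather than by a long-lived bearer token in script-readable storage.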