Re: [keycloak-user] Question re app timeout
We don't have support for this at the moment and would like to do it at
some point. It would mainly be a matter of adding the authentication time
to the token as well as implementing support for prompt=login (see
http://openid.net/specs/openid-connect-implicit-1_0.html#rfc.section.2.1.1.1
).
You could probably achieve the same with a custom authentication flow and a
custom protocol mapper that adds the authentication time to the token.
On 8 April 2016 at 01:35, Richard Lavallee <rllavallee(a)hotmail.com> wrote:
Does anyone know the answer to this?
I want to setup up a Keycloak SSO for, say, five apps: only one of which
is required (by U.S. State Law) to become logged out upon ten inactive
minutes timeout.
How can I achieve this in Keycloak?
So for example: user signs in to Keycloak and begins working in APP1 then
switches to APP2 and stays there for more than ten minutes. User re-visits
APP1 which has been idle for more than ten minutes. By law he needs to
re-authenticate to APP1 even though he remains already authenticated in
Keycloak. How to force re-authentication for at least APP1?
-Richard
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
Attachments:
- attachment.html (text/html — 2.1 KB)