9:11 a.m.
prompt=login is just as useful. It allows applications to require
re-authentication in order to perform a specific action in the app.
On 3/6/17 9:55 AM, Stian Thorgersen wrote:
As we have prompt=login (I also spotted auth_time in the token) it
would be really easy to add max_age that would actually be more useful
than prompt=login IMO.
On 6 March 2017 at 15:41, Bill Burke <bburke(a)redhat.com
<mailto:bburke@redhat.com>> wrote:
We support prompt=login.
On 3/6/17 9:33 AM, Stian Thorgersen wrote:
> OIDC has prompt=login and max_age params for it. Pretty sure we
don't
> support either at the moment though.
>
> On 6 March 2017 at 15:14, John D. Ament <john.d.ament(a)gmail.com
<mailto:john.d.ament@gmail.com>> wrote:
>
>> On Mon, Mar 6, 2017 at 9:12 AM John Dennis <jdennis(a)redhat.com
<mailto:jdennis@redhat.com>> wrote:
>>
>>> On 03/06/2017 08:47 AM, John D. Ament wrote:
>>>> Hi,
>>>>
>>>> I have a use case where I need to reauthenticate a client,
even if
>> their
>>>> session is active. I can use the Keycloak javascript adapter
on the
>>> client
>>>> side, if needed, and was wondering if this is something built
in? I
>> was
>>>> also expecting to leverage either the OIDC or SAML adapter on the
>> server
>>>> side. Can that work, regardless or server side adapter?
>>> In SAML you set ForceAuthn=True in the AuthnRequest.
>>>
>>>
>> This is not SAML specific.
>>
>>
>>> --
>>> John
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user(a)lists.jboss.org
<mailto:keycloak-user@lists.jboss.org>
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
<https://lists.jboss.org/mailman/listinfo/keycloak-user>
>>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user(a)lists.jboss.org
<mailto:keycloak-user@lists.jboss.org>
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
<https://lists.jboss.org/mailman/listinfo/keycloak-user>
>>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.jboss.org>
> https://lists.jboss.org/mailman/listinfo/keycloak-user
<https://lists.jboss.org/mailman/listinfo/keycloak-user>
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-user
<https://lists.jboss.org/mailman/listinfo/keycloak-user>