Thanks for the great explanation!
Actually I've found 1 more thread related to this question:
Hi Leonid,
Grepping the Keycloak code shows that it does "know" about
SessionNotOnOrAfter, that means is able to parse it from XML and
get/set the value in the model. But that's all, Keycloak doesn't
actually manipulate this attribute in any way. Seems like bug / missing
feature to me, but let's see what the Keycloak devs say.
Meanwhile, you could implement a custom ProtocolMapper to populate the
SessionNotOnOrAfter attribute. (This could have been even easier had
the script mapper existed for SAML, see KEYCLOAK-5520)
Cheers,
Dmitry Telegin
CTO, Acutus s.r.o.
Keycloak Consulting and Training
Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
+42 (022) 888-30-71
E-mail: info(a)acutus.pro
On Fri, 2018-07-20 at 11:16 +0300, Leonid Rozenblyum wrote:
> Hello.
> Does Keycloak support the attribute SessionNotOnOrAfter based on
> realm
> settings of session timeout? Maybe some another way to inform Service
> Provider about the desired session end time?
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
>
https://lists.jboss.org/mailman/listinfo/keycloak-user