Our SAML client adapters have no way to force authentication, but the server does support SAML ForceAuth=true.  There's a similar thing for OIDC.

You could also extend the Cookie authenticator to ignore the cookie check if a certain client is requesting authentication.

Hi,

I was wondering if there was any way in Keycloak to force the authentication of a user?

From my application, I may need a user to reverify their credentials.  They will likely already have a session with keycloak open, but I need them to re-enter their credentials.  Is there a way to do this?  Or even an API call I can make with the user's credentials to verify them?

Likewise, I need to be able to provide a SAML ForceAuth=true.  Is this possible in Keycloak?

John

_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user