Re: [keycloak-user] Forcing reauthentication from a client, even when session is active
True, I was focusing just on require re-auth every X min. I reckon we
should add max_age and use it for the admin console with a
sensible/configurable timeout.
On 6 March 2017 at 16:11, Bill Burke <bburke(a)redhat.com> wrote:
prompt=login is just as useful. It allows applications to require
re-authentication in order to perform a specific action in the app.
On 3/6/17 9:55 AM, Stian Thorgersen wrote:
As we have prompt=login (I also spotted auth_time in the token) it would
be really easy to add max_age that would actually be more useful than
prompt=login IMO.
On 6 March 2017 at 15:41, Bill Burke <bburke(a)redhat.com> wrote:
> We support prompt=login.
>
>
> On 3/6/17 9:33 AM, Stian Thorgersen wrote:
> > OIDC has prompt=login and max_age params for it. Pretty sure we don't
> > support either at the moment though.
> >
> > On 6 March 2017 at 15:14, John D. Ament <john.d.ament(a)gmail.com> wrote:
> >
> >> On Mon, Mar 6, 2017 at 9:12 AM John Dennis <jdennis(a)redhat.com>
wrote:
> >>
> >>> On 03/06/2017 08:47 AM, John D. Ament wrote:
> >>>> Hi,
> >>>>
> >>>> I have a use case where I need to reauthenticate a client, even if
> >> their
> >>>> session is active. I can use the Keycloak javascript adapter on
the
> >>> client
> >>>> side, if needed, and was wondering if this is something built in?
I
> >> was
> >>>> also expecting to leverage either the OIDC or SAML adapter on the
> >> server
> >>>> side. Can that work, regardless or server side adapter?
> >>> In SAML you set ForceAuthn=True in the AuthnRequest.
> >>>
> >>>
> >> This is not SAML specific.
> >>
> >>
> >>> --
> >>> John
> >>> _______________________________________________
> >>> keycloak-user mailing list
> >>> keycloak-user(a)lists.jboss.org
> >>> https://lists.jboss.org/mailman/listinfo/keycloak-user
> >>>
> >> _______________________________________________
> >> keycloak-user mailing list
> >> keycloak-user(a)lists.jboss.org
> >> https://lists.jboss.org/mailman/listinfo/keycloak-user
> >>
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user(a)lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>