Re: [keycloak-user] Question re app timeout

We don't have support for this at the moment and would like to do it at some point. It would mainly be a matter of adding the authentication time to the token as well as implementing support for prompt=login (see http://openid.net/specs/openid-connect-implicit-1_0.html#rfc.section.2.1.1.1 ). You could probably achieve the same with a custom authentication flow and a custom protocol mapper that adds the authentication time to the token. On 8 April 2016 at 01:35, Richard Lavallee <rllavallee(a)hotmail.com&gt; wrote: > Does anyone know the answer to this? > > I want to setup up a Keycloak SSO for, say, five apps: only one of which > is required (by U.S. State Law) to become logged out upon ten inactive > minutes timeout. > How can I achieve this in Keycloak? > > So for example: user signs in to Keycloak and begins working in APP1 > then switches to APP2 and stays there for more than ten minutes. User > re-visits APP1 which has been idle for more than ten minutes. By law he > needs to re-authenticate to APP1 even though he remains already > authenticated in Keycloak. How to force re-authentication for at least > APP1? > > -Richard > > > > > _______________________________________________ > keycloak-user mailing list > keycloak-user(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user >