What do you mean by federated user? We have the concept of federating
between IDPs, where Keycloak is the child and an external IDP is the
parent. In this case, we do not check the status of the external user
at all. I'm not currently aware of any standard we can use to do this.
On 7/13/2015 5:39 PM, Kamal Jagadevan wrote:
Hello,
I would like to know how De-provisioning of user in Federated IDP
case is being handled in Keycloak.
How frequently Keycloak validates the federated user status before
reissuing the new access token to the already authenticated user.
Are there plans to support SCIM (System for Cross-domain Identity
Management) in Keycloak roadmap?
_Following is our use case_
1. There are few processes that will be authenticated with Federated IDP
using SAML just after *user(A)* registration is complete (one time
login manually).
2. Subsequently SP will issue the token pair to these processes to use
as long as Refresh token lifetime is valid.
3. Within this refresh token lifetime (if it is too long) and in the case
*user(A)* is de-provisioned/removed, how would *_SP be aware to block
this token renewal_*.
Please share your thoughts.
Best
Kamal
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com