[keycloak-dev] Keycloak session limiting (KEYCLOAK-849) (BA-93)

Mauro de Wit maurodewit at gmail.com
Tue Mar 12 09:53:45 EDT 2019 

Ok, thanks for the clarification.

On Tue, 12 Mar 2019 at 12:39, Stian Thorgersen <sthorger at redhat.com> wrote:

> It should be a pluggable part of the authentication flow and not a
> hardcoded element. There is no other way to plug in to the authentication
> flow other than creating an authenticator. An authenticator doesn't need to
> provide a challenge though so it can be used in this instance.
>
> On Tue, 12 Mar 2019 at 10:57, Mauro de Wit <maurodewit at gmail.com> wrote:
>
>> Hello,
>>
>> I am sending this e-mail because I have some questions regarding the
>> enhancement request that enables configurable session limiting in Keycloak
>> as discussed here:
>> https://issues.jboss.org/browse/KEYCLOAK-849 (The developer that Marc
>> Wijma
>> referred to in his comment as being available for this task is me btw :))
>>
>> In the comments a solution is proposed that makes use of a custom
>> Authenticator that is dropped into the authentication flow where it can be
>> configured. While I can see the benefit of leveraging the existing
>> components as much as possible (including the configuration options in
>> that
>> flow), I am wondering if this is the best solution. As far as I can tell,
>> this component is not performing any authentication at all. Moreover this
>> functionality operates 'above' the authentication mechanisms and should
>> apply to all of them.
>> So is an Authenticator really the desired place to implement this? Or is
>> this just the quickest route, while not being the most desirable option
>> for
>> the long term? What would be an alternative approach be? That would place
>> this implementation and configuration in the existing Session
>> configuration
>> code for instance.
>>
>> I just now started investigating this task and looking into the options
>> that would meet our requirements. Hope to hear from you.
>>
>> Regards
>>
>> Mauro
>>
>> >
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>
>

More information about the keycloak-dev mailing list