[keycloak-user] Keycloak

Chen Keong Yap chenkeong.yap at izeno.com
Tue Jun 2 10:07:31 EDT 2015


please share your ideas.

1) i have 1 app is secured using PL SP Filter. Once login successful, there
is a session created in keycloak idp and we called it as sp session and app
http session is created too. Is the app http session is stored in keycloak

2) when global logout is performed, it will call admin url for all the apps
to do application logout. So the question is we need the app http session.
Is it stored in memory or keycloak db?

3) we have requirement to hard kill the sp session and the app http session
if is active for more than 24 hours. Do you think is better to implement in
keycloak idp as servlet or from PL SP filter?

4) we need to implement session fixation. Which means 1 client ip is
binding to 1 jsessionid and the other client ip cannot make http request
using this jsessionid
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20150602/6360f3fb/attachment.html 

More information about the keycloak-user mailing list