[keycloak-user] Question re app timeout

Stian Thorgersen sthorger at redhat.com
Fri Apr 8 01:12:51 EDT 2016


We don't have support for this at the moment and would like to do it at
some point. It would mainly be a matter of adding the authentication time
to the token as well as implementing support for prompt=login (see
http://openid.net/specs/openid-connect-implicit-1_0.html#rfc.section.2.1.1.1
).

You could probably achieve the same with a custom authentication flow and a
custom protocol mapper that adds the authentication time to the token.

On 8 April 2016 at 01:35, Richard Lavallee <rllavallee at hotmail.com> wrote:

> Does anyone know the answer to this?
>
> I want to setup up a Keycloak SSO for, say, five apps:  only one of which
> is required (by U.S. State Law) to become logged out upon ten inactive
> minutes timeout.
> How can I achieve this in Keycloak?
>
> So for example:  user signs in to Keycloak and begins working in APP1 then
> switches to APP2 and stays there for more than ten minutes.  User re-visits
> APP1 which has been idle for more than ten minutes.  By law he needs to
> re-authenticate to APP1 even though he remains already authenticated in
> Keycloak.  How to force re-authentication for at least APP1?
>
> -Richard
>
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160408/f77cc220/attachment.html 


More information about the keycloak-user mailing list