[keycloak-user] Question re app timeout

Stian Thorgersen sthorger at redhat.com
Fri Apr 8 01:15:59 EDT 2016


Couldn't find the issue about this so added
https://issues.jboss.org/browse/KEYCLOAK-2775

On 8 April 2016 at 07:12, Stian Thorgersen <sthorger at redhat.com> wrote:

> We don't have support for this at the moment and would like to do it at
> some point. It would mainly be a matter of adding the authentication time
> to the token as well as implementing support for prompt=login (see
> http://openid.net/specs/openid-connect-implicit-1_0.html#rfc.section.2.1.1.1
> ).
>
> You could probably achieve the same with a custom authentication flow and
> a custom protocol mapper that adds the authentication time to the token.
>
> On 8 April 2016 at 01:35, Richard Lavallee <rllavallee at hotmail.com> wrote:
>
>> Does anyone know the answer to this?
>>
>> I want to set up a Keycloak SSO for, say, five apps:  only one of which
>> is required (by U.S. State Law) to become logged out upon ten inactive
>> minutes timeout.
>> How can I achieve this in Keycloak?
>>
>> So for example:  user signs in to Keycloak and begins working in APP1
>> then switches to APP2 and stays there for more than ten minutes.  User
>> re-visits APP1 which has been idle for more than ten minutes.  By law he
>> needs to re-authenticate to APP1 even though he remains already
>> authenticated in Keycloak.  How to force re-authentication for at least
>> APP1?
>>
>> -Richard
>>
>
>
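
The approach discussed in this thread (prompt=login plus an authentication time in the token), sketched from APP1's side as an added example; it is not code from the thread or from Keycloak. It assumes an OpenID Connect provider that honours `prompt=login` and puts the standard `auth_time` claim in the ID token, which the thread says Keycloak did not yet do at the time; the function names, endpoint URLs and the 30-second skew are hypothetical.

```python
import time
from urllib.parse import urlencode

IDLE_LIMIT = 10 * 60   # APP1's ten-minute inactivity limit, from the question
CLOCK_SKEW = 30        # assumed tolerance (seconds) between app and IdP clocks


def needs_reauth(last_activity, now=None):
    """True when APP1's own session has been idle longer than the limit."""
    now = time.time() if now is None else now
    return (now - last_activity) > IDLE_LIMIT


def build_reauth_url(authz_endpoint, client_id, redirect_uri, state, nonce):
    """Authorization request asking the IdP to prompt the user again
    instead of silently reusing its SSO session (OIDC prompt=login)."""
    params = {
        "response_type": "code",
        "scope": "openid",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": state,
        "nonce": nonce,
        "prompt": "login",
    }
    return authz_endpoint + "?" + urlencode(params)


def reauth_confirmed(claims, requested_at, nonce, now=None):
    """Check an already signature-verified ID token after the redirect.

    prompt=login is only a request parameter that passes through the
    browser, so the app confirms from auth_time that a login really
    happened after it asked for one."""
    now = time.time() if now is None else now
    auth_time = claims.get("auth_time")
    if isinstance(auth_time, bool) or not isinstance(auth_time, (int, float)):
        return False                      # IdP did not state when login happened
    if claims.get("nonce") != nonce:
        return False                      # token does not belong to this request
    if auth_time < requested_at - CLOCK_SKEW:
        return False                      # SSO session was reused, no fresh login
    return auth_time <= now + CLOCK_SKEW  # reject timestamps from the future
```

APP1 tracks `last_activity` in its own session, so the other four apps keep using the shared SSO session unchanged.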