[keycloak-user] Session timeout based on AuthN level of assurance

Stian Thorgersen sthorger at redhat.com
Fri Jan 13 01:32:40 EST 2017


We don't have support for step-up authentication at the moment. It's on our
radar though.

You may be able to do something with custom authenticator, but probably not
with the script authenticator.

On 10 January 2017 at 21:41, Santosh Haranath <santosh.haranath at gmail.com>
wrote:

> In continuation -
>
> With Step-Up Authentication, applications that allow access to
> different types of resources can require users to authenticate with a
> stronger authentication mechanism to access sensitive resources.
>
> How can we implement step-up authentication with Keycloak ? Is there
> an implementation of Authentication Context Class Reference within
> Keycloak?
>
> On Tue, Jan 10, 2017 at 12:36 PM, Santosh Haranath
> <santosh.haranath at gmail.com> wrote:
> > Does Script Authenticator in Authentication flow provide a way to
> > manage session timeout as per level of assurance. Example 2 FA is
> > valid for 20 mins but local LDAP authn is valid for 60 mins.
> >
> > How can we implement this requirement with keycloak?
> >
> > Thanks
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>


More information about the keycloak-user mailing list