[keycloak-user] Forcing reauthentication from a client, even when session is active

Bill Burke bburke at redhat.com
Mon Mar 6 10:11:49 EST 2017 

prompt=login is just as useful.  It allows applications to require 
re-authentication in order to perform a specific action in the app.


On 3/6/17 9:55 AM, Stian Thorgersen wrote:
> As we have prompt=login (I also spotted auth_time in the token) it 
> would be really easy to add max_age that would actually be more useful 
> than prompt=login IMO.
>
> On 6 March 2017 at 15:41, Bill Burke <bburke at redhat.com 
> <mailto:bburke at redhat.com>> wrote:
>
>     We support prompt=login.
>
>
>     On 3/6/17 9:33 AM, Stian Thorgersen wrote:
>     > OIDC has prompt=login and max_age params for it. Pretty sure we
>     don't
>     > support either at the moment though.
>     >
>     > On 6 March 2017 at 15:14, John D. Ament <john.d.ament at gmail.com
>     <mailto:john.d.ament at gmail.com>> wrote:
>     >
>     >> On Mon, Mar 6, 2017 at 9:12 AM John Dennis <jdennis at redhat.com
>     <mailto:jdennis at redhat.com>> wrote:
>     >>
>     >>> On 03/06/2017 08:47 AM, John D. Ament wrote:
>     >>>> Hi,
>     >>>>
>     >>>> I have a use case where I need to reauthenticate a client,
>     even if
>     >> their
>     >>>> session is active.  I can use the Keycloak javascript adapter
>     on the
>     >>> client
>     >>>> side, if needed, and was wondering if this is something built
>     in?  I
>     >> was
>     >>>> also expecting to leverage either the OIDC or SAML adapter on the
>     >> server
>     >>>> side.  Can that work, regardless or server side adapter?
>     >>> In SAML you set ForceAuthn=True in the AuthnRequest.
>     >>>
>     >>>
>     >> This is not SAML specific.
>     >>
>     >>
>     >>> --
>     >>> John
>     >>> _______________________________________________
>     >>> keycloak-user mailing list
>     >>> keycloak-user at lists.jboss.org
>     <mailto:keycloak-user at lists.jboss.org>
>     >>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>     <https://lists.jboss.org/mailman/listinfo/keycloak-user>
>     >>>
>     >> _______________________________________________
>     >> keycloak-user mailing list
>     >> keycloak-user at lists.jboss.org
>     <mailto:keycloak-user at lists.jboss.org>
>     >> https://lists.jboss.org/mailman/listinfo/keycloak-user
>     <https://lists.jboss.org/mailman/listinfo/keycloak-user>
>     >>
>     > _______________________________________________
>     > keycloak-user mailing list
>     > keycloak-user at lists.jboss.org <mailto:keycloak-user at lists.jboss.org>
>     > https://lists.jboss.org/mailman/listinfo/keycloak-user
>     <https://lists.jboss.org/mailman/listinfo/keycloak-user>
>
>     _______________________________________________
>     keycloak-user mailing list
>     keycloak-user at lists.jboss.org <mailto:keycloak-user at lists.jboss.org>
>     https://lists.jboss.org/mailman/listinfo/keycloak-user
>     <https://lists.jboss.org/mailman/listinfo/keycloak-user>
>
>

More information about the keycloak-user mailing list