[keycloak-user] Session timeout settings on a per application basis

Stian Thorgersen sthorger at redhat.com
Fri Mar 10 05:39:39 EST 2017


With direct grant you don't have SSO, so you could log out after a timeout.
You can also use prompt=login and check the authentication time on the
token to require a user to have re-authenticated recently to the sensitive
apps.

On 10 March 2017 at 10:31, Alexander Chriztopher <
alexander.chriztopher at gmail.com> wrote:

> Any hints on how to achieve this? Should we do it manually by canceling
> the access_token when we want to (we are using Direct Access Grant, by the
> way)?
>
> On Wed, Mar 8, 2017 at 2:26 PM, Alexander Chriztopher <
> alexander.chriztopher at gmail.com> wrote:
>
>> Our use case is that we have different businesses and each business has
>> its own constraints.
>>
>> In one of them (2 applications today) we want the session to time out very
>> quickly if the user is not active, for security reasons, and in another we
>> want a rather "normal" timeout as the security constraints are not the same
>> (a lot more applications here).
>>
>> On Wed, Mar 8, 2017 at 12:10 PM, Stian Thorgersen <sthorger at redhat.com>
>> wrote:
>>
>>> Session timeouts are for the SSO session and it wouldn't make any sense
>>> to have them on a per-application basis. What's your actual use-case?
>>>
>>> On 8 March 2017 at 10:15, Alexander Chriztopher <
>>> alexander.chriztopher at gmail.com> wrote:
>>>
>>>> Hi,
>>>>
>>>> We would like to know whether this is now available or not?
>>>>
>>>> I have found the following thread that was sent in 12/2014:
>>>> http://lists.jboss.org/pipermail/keycloak-user/2014-December/001295.html
>>>>
>>>> Thanks for your answers.
>>>>
>>>
>>>
>>
>
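
Added example, not part of the original messages and not Keycloak's own code: one way a sensitive application could apply the reply's suggestion, by sending the user through the authorization endpoint with prompt=login and then rejecting tokens whose OpenID Connect auth_time claim is older than the application's own limit. The function names, the 300-second limit, the clock-skew tolerance and the sample values are assumptions, and the claims are assumed to come from a token whose signature, issuer, audience and expiry were already validated by the application's OIDC library.

```python
import time
from urllib.parse import urlencode

MAX_AUTH_AGE = 300  # assumed policy for the sensitive apps: login at most 5 min old
CLOCK_SKEW = 30     # assumed tolerance between the app's clock and the server's


class ReauthRequired(Exception):
    """Raised when the user must be sent back through the login page."""


def reauth_url(auth_endpoint, client_id, redirect_uri, state):
    # prompt=login asks the server to show the login form even when an
    # SSO session already exists, so auth_time in the new token is fresh.
    query = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": "openid",
        "state": state,
        "prompt": "login",
    }
    return auth_endpoint + "?" + urlencode(query)


def check_recent_auth(claims, max_age=MAX_AUTH_AGE, now=None):
    """Return the age of the last login in seconds, or raise ReauthRequired."""
    now = time.time() if now is None else now
    auth_time = claims.get("auth_time")
    # A missing or non-numeric claim must fail closed, not count as "recent".
    if isinstance(auth_time, bool) or not isinstance(auth_time, (int, float)):
        raise ReauthRequired("token carries no usable auth_time claim")
    if auth_time > now + CLOCK_SKEW:
        raise ReauthRequired("auth_time lies in the future")
    age = now - auth_time
    if age > max_age:
        raise ReauthRequired("last login %d s ago, limit is %d s" % (age, max_age))
    return age


if __name__ == "__main__":
    # Constructed sample claims: the user logged in 20 minutes ago via SSO.
    stale = {"sub": "user-1", "auth_time": int(time.time()) - 1200}
    try:
        check_recent_auth(stale)
    except ReauthRequired as err:
        print("redirect to login:", err)
```

On ReauthRequired the application redirects to the URL from reauth_url and repeats the check on the token it receives afterwards; the less sensitive applications simply skip the check and keep the normal SSO timeout.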

