[keycloak-user] Validate User Credentials Without Creating a Session

Scott Finlay scott.finlay at sixt.com
Thu Feb 1 11:25:57 EST 2018


Hi Marek,


Thanks for the suggestion. Could you maybe point me in the right direction there?

I'm having some difficulties finding the actual place where credentials are checked

in the Keycloak code and where the session is being created.


Additionally I've looked the documentation (http://www.keycloak.org/docs/3.1/server_development/topics/extensions.html)
but I'm having trouble understanding from that what these pieces described are actually for,
where the entry point is, and how I can connect it to the actual Keycloak storage. I also don't
really know how to actually integrate the endpoint into Keycloak once I have one built

Regards,
Scott



________________________________
From: Marek Posolda <mposolda at redhat.com>
Sent: Wednesday, January 24, 2018 1:59:05 PM
To: Scott Finlay; keycloak-user at lists.jboss.org
Subject: Re: [keycloak-user] Validate User Credentials Without Creating a Session

Hi Scott,

it's not available OOTB, but you can add your own REST endpoint to
verify username/password. Or alternatively you can just do directGrant
login (OAuth2 Resource Owner Password Credentials Grant) and then logout
session.

Marek

On 23/01/18 09:49, Scott Finlay wrote:
> Hi,
>
>
> We're currently using Keycloak 2.5.5.Final, and in this version it's not possible
>
> to validate a user's credentials (username / password combination) without
>
> actually logging the user in which results in a session (and our sessions are long-
>
> lived). Is there any new functionality introduced in the later versions of  Keycloak
>
> to validate the credentials without actually logging the user in?
>
>
> Our use-case is that we have very long-lived tokens, but we want to require the
>
> user to re-enter his/her password in order to perform some certain sensitive tasks
>
> such as changing the password or username.
>
>
> If such functionality  is not available, would it be possible to add this?
>
>
> Regards,
>
> Scott
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user




More information about the keycloak-user mailing list