[keycloak-user] SAML2.0: support for SessionNotOnOrAfter

Dmitry Telegin dt at acutus.pro
Sun Jul 22 21:48:01 EDT 2018


Hi Leonid,

Grepping the Keycloak code shows that it does "know" about
SessionNotOnOrAfter, meaning it is able to parse it from XML and
get/set the value in the model. But that's all; Keycloak doesn't
actually manipulate this attribute in any way. Seems like a bug / missing
feature to me, but let's see what the Keycloak devs say.

Meanwhile, you could implement a custom ProtocolMapper to populate the
SessionNotOnOrAfter attribute. (This could have been even easier had
the script mapper existed for SAML; see KEYCLOAK-5520.)

Cheers,
Dmitry Telegin
CTO, Acutus s.r.o.
Keycloak Consulting and Training

Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
+42 (022) 888-30-71
E-mail: info at acutus.pro

On Fri, 2018-07-20 at 11:16 +0300, Leonid Rozenblyum wrote:
> Hello.
> Does Keycloak support the attribute SessionNotOnOrAfter based on realm
> settings of session timeout? Maybe some other way to inform Service
> Provider about the desired session end time?
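
A Service Provider-side check for the situation discussed in this thread, added here as an example (it is not Keycloak code and not from the original messages): it reads SessionNotOnOrAfter from an assertion's AuthnStatement and caps the local session with it, falling back to the SP's own lifetime when the IdP omits the attribute. The sample assertions, the function names and the SP lifetime are constructed for illustration, and the assertion is assumed to have passed signature validation already.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertions (not captured from a real Keycloak instance).
WITH_ATTR = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AuthnStatement AuthnInstant="2018-07-20T08:16:00Z"
                       SessionIndex="constructed-session-1"
                       SessionNotOnOrAfter="2018-07-20T18:16:00Z"/>
</saml:Assertion>"""
WITHOUT_ATTR = WITH_ATTR.replace('SessionNotOnOrAfter="2018-07-20T18:16:00Z"', "")


def parse_saml_time(value):
    """Parse a SAML xs:dateTime given in UTC, with or without fractional seconds."""
    for fmt in ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%M:%S.%fZ"):
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError(f"not a UTC xs:dateTime: {value!r}")


def idp_session_limit(assertion_xml):
    """Earliest SessionNotOnOrAfter over all AuthnStatements, or None if absent."""
    # Assumption: input is already signature-validated; use a hardened XML
    # parser (e.g. defusedxml) for anything that is not.
    root = ET.fromstring(assertion_xml)
    limits = [parse_saml_time(stmt.attrib["SessionNotOnOrAfter"])
              for stmt in root.iterfind(".//saml:AuthnStatement", SAML_NS)
              if "SessionNotOnOrAfter" in stmt.attrib]
    return min(limits) if limits else None


def sp_session_expiry(assertion_xml, now, sp_max_lifetime):
    """Return (expiry, reason): the SP session end, capped by the IdP limit."""
    local_expiry = now + sp_max_lifetime
    limit = idp_session_limit(assertion_xml)
    if limit is None:
        return local_expiry, "SP lifetime (IdP sent no SessionNotOnOrAfter)"
    if limit <= now:
        raise ValueError("SessionNotOnOrAfter already passed; do not create a session")
    if limit < local_expiry:
        return limit, "capped by IdP SessionNotOnOrAfter"
    return local_expiry, "SP lifetime (shorter than IdP limit)"
```

With the attribute missing, the SP session outlives whatever session timeout the realm enforces, which is the gap the question is about.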

