[keycloak-user] How to force a re-authentication using the Keycloak Filter Adapter

Eric B ebenzacar at gmail.com
Thu May 24 22:02:35 EDT 2018


I'm securing a webapp in Wildfly using the Keycloak Servlet Filter Adapter (
https://www.keycloak.org/docs/3.3/securing_apps/topics/oidc/java/servlet-filter-adapter.html)
rather than the Wildfly container adapter.

Overall the filter is great and works very well.  However, I've been trying
to figure out how I can leverage it to force a reauthentication by my
application.  As per the OIDC specs, I know I can pass 'prompt=login' to a
call to Keycloak to force the user to reauthenticate himself, but I'm not sure
how to leverage the adapter to do this for me.

I've noticed some special PreAuthentication hooks in the adapter to handle
callbacks from Keycloak and tried to see if there was anything there, but
they do not seem to handle this type of case.

Are there any special URL parameters I can use that would be recognized and
intercepted by the filter and force a user to reauthenticate themselves?

Thanks,

Eric
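
The `prompt=login` mechanism mentioned in the message, as an added example that is not part of the original post and is not Keycloak adapter code: it builds the OIDC authorization request by hand and then checks the `auth_time` claim on return, because the request parameter alone can be removed in the browser. The endpoint URL, client id, redirect URI and class name are constructed placeholders, and the claims map is assumed to come from an ID token whose signature has already been verified (Java 10+).

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.time.Instant;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.stream.Collectors;

public class ForceReauthExample {
    // Constructed placeholder endpoint, not taken from the post.
    static final String AUTH_ENDPOINT =
        "https://sso.example.test/auth/realms/demo/protocol/openid-connect/auth";
    static final long CLOCK_SKEW_SECONDS = 30;

    /** Authorization request asking the provider to prompt for credentials again. */
    static String buildReauthUrl(String clientId, String redirectUri,
                                 String state, String nonce, long maxAgeSeconds) {
        Map<String, String> p = new LinkedHashMap<>();
        p.put("response_type", "code");
        p.put("client_id", clientId);
        p.put("redirect_uri", redirectUri);
        p.put("scope", "openid");
        p.put("state", state);
        p.put("nonce", nonce);
        p.put("prompt", "login");                        // OIDC Core: force re-authentication
        p.put("max_age", Long.toString(maxAgeSeconds));  // makes auth_time a required ID token claim
        return AUTH_ENDPOINT + "?" + p.entrySet().stream()
            .map(e -> e.getKey() + "=" + URLEncoder.encode(e.getValue(), StandardCharsets.UTF_8))
            .collect(Collectors.joining("&"));
    }

    /**
     * The redirect passes through the browser, so the user can strip prompt=login.
     * Enforce freshness on the way back using claims from a signature-verified ID token.
     */
    static boolean isFreshLogin(Map<String, Object> verifiedClaims, long maxAgeSeconds, Instant now) {
        Object authTime = verifiedClaims.get("auth_time");
        if (!(authTime instanceof Number)) return false;  // claim absent: not proven fresh
        long age = now.getEpochSecond() - ((Number) authTime).longValue();
        return age >= -CLOCK_SKEW_SECONDS && age <= maxAgeSeconds + CLOCK_SKEW_SECONDS;
    }

    public static void main(String[] args) {
        Instant now = Instant.now();
        // state and nonce are constructed here; real ones are random and bound to the session.
        System.out.println(buildReauthUrl("my-webapp", "https://app.example.test/secure/confirm",
                                          "constructed-state", "constructed-nonce", 60));
        Map<String, Object> fresh = Map.of("auth_time", now.getEpochSecond() - 5);
        Map<String, Object> stale = Map.of("auth_time", now.getEpochSecond() - 3600);
        System.out.println("fresh accepted: " + isFreshLogin(fresh, 60, now));
        System.out.println("stale accepted: " + isFreshLogin(stale, 60, now));
        System.out.println("no auth_time accepted: " + isFreshLogin(Map.of(), 60, now));
    }
}
```

How the servlet filter adapter can be made to send these parameters is not shown here; the freshness check applies whichever component issues the redirect.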

