I have a set of users who have different security profiles as well as ones who are a bit visually impaired. The visually impaired users have strong security profiles and I would like to set longer session timeouts for them versus other users. Is this possible?
Greatly appreciate any guidance!
This isn’t possible with the SSO/Client Session Max/Idle configuration values. However, you might be able to do something custom with the cookie authenticator that checks for a user attribute and allows creating a new user session even for an expired cookie.
You can add an attribute to the user and slightly correct the source code in class TokenManager - private int getRefreshExpiration() - you can add your logic to create the expiration value for the refresh token - I did it and it works well.
I wouldn’t recommend changing implementations of internal classes like the TokenManager, as this will result in a custom Keycloak distribution, which makes it hard(er) to update, because with every update you’d have to check the whole custom TokenManager class and what to update.
So, simply don’t do it.