How can we invalidate all server side sessions for a given user using REST API call?

I am following the below document.

For this approach to work in an auth tree, we need session token of an administrative user and then invalidate sessions for an user. Is there a more cleaner or efficient approach to invalidate server side sessions for an user in AM admin UI?

Hello @KaranNayyar1,

Thanks for reaching out to the Community.

You can end any sessions within the AM admin UI (except the current amAdmin user’s session) by selecting it and clicking the Invalidate Selected button displayed when navigating to Realms > Realm Name > Sessions.

To search for active sessions, enter a username in the search box. AM retrieves the sessions for the user and displays them within a table. If no active CTS-based session is found, AM displays a “session not found” message.

This is explained in further detail within the Sessions Guide:

I hope this helps!

1 Like