[keycloak-dev] Postpone TOTP SPI to after 1.0.final

Bill Burke bburke at redhat.com
Fri Aug 1 14:32:10 EDT 2014


The backend might be pretty straightforward, but we would require some 
refactoring of the login page.  For example, some credentials (password, 
TOTP) are entered after displaying a login page.  For some credentials 
(client cert and cookie) you never even see the login page.

On 8/1/2014 2:13 PM, Vivek Srivastav (vivsriva) wrote:
> A general authentication plugin SPI for clients is what we are interested
> in.
> Any pointers on it, viz. which classes should I look into would
> greatly help.
> Kind Regards,
> Vivek
>
> On 7/30/14, 4:53 AM, "Stian Thorgersen" <stian at redhat.com> wrote:
>
>> A general authentication plugin SPI for clients should be relatively
>> straightforward, not sure about users though.
>>
>> Credentials for users requires changes to the login flow as well as
>> account management pages, so could be tricky to do it in a generic way.
>>
>> Worth a try though! So let's wait until after 1.0.final with the TOTP
>> work.
>>
>> ----- Original Message -----
>>> From: "Bill Burke" <bburke at redhat.com>
>>> To: keycloak-dev at lists.jboss.org
>>> Sent: Tuesday, 29 July, 2014 10:36:50 PM
>>> Subject: Re: [keycloak-dev] Postpone TOTP SPI to after 1.0.final
>>>
>>> By authentication plugin SPI, I actually mean a credential type plugin
>>> SPI.  Have a user requesting that they be able to plug in their own
>>> client-cert verification mechanism.
>>>
>>> On 7/29/2014 5:33 PM, Bill Burke wrote:
>>>> Could this TOTP SPI turn into a general authentication plugin SPI? Just
>>>> had an inquiry for that type of SPI.
>>>>
>>>> On 7/29/2014 8:51 AM, Stian Thorgersen wrote:
>>>>> Due to there being quite a lot of work to do the required updates to
>>>>> properly do a TOTP SPI I propose we postpone this to 1.1.0.
>>>>>
>>>>> The work would include:
>>>>>
>>>>> * A TOTP SPI
>>>>> * Account management needs to support multiple TOTPs
>>>>> * Select TOTP provider to configure if required to set up TOTP on login
>>>>> * Select TOTP provider to use at login if user has multiple
>>>>> * Configure what TOTP are permitted for a realm
>>>>> * Remember TOTP option (don't ask for TOTP in 30 days on this machine)
>>>>> * Email implementation (send an OTP through email)
>>>>> * SMS implementation (use an example SMS cloud service to send OTP) - this
>>>>> would also require additional fields to registration
>>>>> * At least one other TOTP implementation (FreeOTP and Yubikey)
>>>>> * ...
>>>>> _______________________________________________
>>>>> keycloak-dev mailing list
>>>>> keycloak-dev at lists.jboss.org
>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>>>>
>>>>
>>>
>>> --
>>> Bill Burke
>>> JBoss, a division of Red Hat
>>> http://bill.burkecentral.com
>>>
>

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com

