[keycloak-dev] Device registration and verification

Pedro Igor Silva psilva at redhat.com
Fri Jan 9 06:51:05 EST 2015


+1. 

Another thing to keep in mind is support for Adaptative/Multi Security Level. Wen can also define levels based on the authc mechanism, user device, network, etc.

----- Original Message -----
From: "Marek Posolda" <mposolda at redhat.com>
To: "Pedro Igor Silva" <psilva at redhat.com>, "keycloak dev" <keycloak-dev at lists.jboss.org>
Sent: Friday, January 9, 2015 4:35:28 AM
Subject: Re: [keycloak-dev] Device registration and verification

That might be nice feature. Maybe it may be also good to support 
different authentication methods depending on the device? For example 
require kerberos login when user loggs through his laptop, and password 
authentication when login through mobile phone etc.

Marek

On 9.1.2015 00:09, Pedro Igor Silva wrote:
> Hi,
>
>     I was wondering if we can support device registration and verification during login as follows:
>
>         1) Users can enable/disable behavior in admin console for a specific realm.
>         2) After a successful login, KC checks if the user's device is known. For instance, Browser and Operating System.
>         3) If not recognized, KC shows a page asking user if he wants to enable the device.
>         4) KC sends an email to user with a code.
>         5) When trying to login again, user must provide the code to register the new device and get authenticated.
>         6) For now on, users can authenticate without asking for permission if using the same device.
>
>     Any thoughts ?
>
> Regards.
> Pedro Igor
>      
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev



More information about the keycloak-dev mailing list