[keycloak-dev] PAM conversations- Custom login form

[Bruno Oliveira]

That e-mail is dated, feel free to ignore. Later I sent another one
mentioning password + OTP. But of course I can't find it anymore.


On 2016-08-23, Stian Thorgersen wrote:
> I thought we where just going to do password and OTP in a single field?
>
> On 18 July 2016 at 23:53, Bruno Oliveira <abstractj at redhat.com> wrote:
>
> > Good morning,
> >
> >
> > Today to authentication against PAM with just simple username/password I
> > implemented UserFederationProvider and added the proper PAM login to
> > validCredentials[1]. This covers the most basic scenario.
> >
> > Now I would like to cover a more complex scenario like OTP and change
> > the flow a little bit like this:
> >
> > 1. User providers her username
> > 2. The next screen asks to provide how many factor our user has(For
> > example: OTP, password). We just don't know, PAM will tell what's next.
> > 3. We authenticate against it
> >
> > To see in practice against FreeIPA server, I just recorded it
> > for a practical example[2].
> >
> > What would be the best approach to implement this flow? I was considering
> > to
> > move my authentication logic out of SSSD federation provider and create a
> > PAM
> > authenticator.
> >
> > Does it make sense?
> >
> > [1] - http://www.keycloak.org/docs/javadocs/org/keycloak/models/
> > UserFederationProvider.html#validCredentials-org.keycloak.
> > models.RealmModel-org.keycloak.models.UserCredentialModel-
> >
> > [2] - https://asciinema.org/a/atwnfbu0kqfasjl65weyoiz7a
> >
> > --
> >
> > abstractj
> > PGP: 0x84DC9914
> > _______________________________________________
> > keycloak-dev mailing list
> > keycloak-dev at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-dev
> >

> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev


--

abstractj
PGP: 0x84DC9914