[keycloak-dev] Optional authenticator inside an alternative subflow, how and when is it invoked?

Rashmi Singh singhrasster at gmail.com
Wed Jun 8 11:43:42 EDT 2016 

In general, if we have any two authenticators under ALTERNATIVE flow, the
second being OPTIONAL, is the optional one invoked only when
context.setUser(user) is set in the first authenticator? otherwise, the
second OPTIONAL authenticator is never invoked (irrespective of
whether Authenticator.configuredFor
returns true or false) at all? Is there a way to invoke the optional
authenticator even when context.setUser(user) was never done in the first
authenticator?

On Wed, Jun 8, 2016 at 5:21 AM, Marek Posolda <mposolda at redhat.com> wrote:

> Currently the OPTIONAL means that authenticator is used just if it's
> configured for particular user ( Authenticator.configuredFor returns true
> for that user). In case of OTP, it means that OTP form is shown just if OTP
> is configured for particular user.
>
> It looks that OPTIONAL authenticator needs to return "requiresUser" with
> true, otherwise if it doesn't require user the error will be returned (even
> if authenticator is OPTIONAL).
>
> Marek
>
>
> On 07/06/16 17:29, Rashmi Singh wrote:
>
> From the keycloak documentation and
> <https://keycloak.github.io/docs/userguide/keycloak-server/html/auth_spi.html>
> https://keycloak.github.io/docs/userguide/keycloak-server/html/auth_spi.html
>
> it is not very clear to me what the OPTIONAL setting for an execution mean.
>
> For example, when we have the following:
>
> Forms Subflow - ALTERNATIVE
>            Username/Password Form - REQUIRED
>            OTP Password Form - OPTIONAL
>
>
>
> When can it enter the Optional OTP form? Do we need to add some code (some
> condition ?) in the UsernamePasswordAuthentication Code, so it enters the
> optional OTP form authenticator? Or something else? I am not so clear about
> the concept of this optional field and how to enter it. Can someone please
> explain this in detail?
>
>
> _______________________________________________
> keycloak-dev mailing listkeycloak-dev at lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-dev
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20160608/114b53f6/attachment-0001.html

More information about the keycloak-dev mailing list