[keycloak-dev] Decoupled channel authentication (Google Push Authn)

James Holland james.holland at outlook.com
Wed Jun 27 04:45:19 EDT 2018


Hi Stian, thanks for this :-)

AuthenticationFlowContext & UserSessionProvider no longer have methods to get the ClientSessionModel to look up the user session. Any suggestion on how to get this in 4.0.0.Final? I was looking at AuthenticationSessionProvider?

I agree with you wrt your points 1 & 2. Websocket callback is something I'm working on separately, but only as a method of telling the waiting page to refresh instead of polling; just need a distributed pub/sub & filter (so only the specific sessions get called).

Regards James


Stian Thorgersen wrote on 27/06/2018 07:25:
Hi,

Take a look at https://github.com/stianst/authenticator-example. It's just a POC, but it does pretty much what you're after with regards to an out-of-band authenticator.

Now to make it nice there are two aspects that need to be worked on:

1. Support for additional multi-factor mechanisms - users should be able to choose between available means, pluggable support including configuration, etc. I hope this is something we'll be working on soon.
2. Push-based out-of-band - we need some concept of authentication events that the authenticator web page can wait for. I would assume this would use websockets.

For Google prompt it would be nice to have that available OOTB, but it does depend on #1 to allow us to properly support more than one multi-factor mechanism in a realm.

On Mon, 25 Jun 2018 at 11:23, James Holland <james.holland at outlook.com> wrote:
I've added the feature request https://issues.jboss.org/browse/KEYCLOAK-7675 for this.


