<div dir="ltr">OK, I am clear about this point now. It does enter the second optional authenticator, so it is good now. Thank you</div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Jun 8, 2016 at 10:43 AM, Rashmi Singh <span dir="ltr"><<a href="mailto:singhrasster@gmail.com" target="_blank">singhrasster@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">In general, if we have any two authenticators under ALTERNATIVE flow, the second being OPTIONAL, is the optional one invoked only when context.setUser(user) is set in the first authenticator? otherwise, the second OPTIONAL authenticator is never invoked (irrespective of whether <span style="font-size:12.8px">Authenticator.configuredFor returns true or false) at all? Is there a way to invoke the optional authenticator even when context.setUser(user) was never done in the first authenticator?</span></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Jun 8, 2016 at 5:21 AM, Marek Posolda <span dir="ltr"><<a href="mailto:mposolda@redhat.com" target="_blank">mposolda@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>Currently the OPTIONAL means that
authenticator is used just if it's configured for particular user
( Authenticator.configuredFor returns true for that user). In case
of OTP, it means that OTP form is shown just if OTP is configured
for particular user. <br>
<br>
It looks that OPTIONAL authenticator needs to return
"requiresUser" with true, otherwise if it doesn't require user the
error will be returned (even if authenticator is OPTIONAL).<br>
<br>
Marek<div><div><br>
<br>
On 07/06/16 17:29, Rashmi Singh wrote:<br>
</div></div></div>
<blockquote type="cite"><div><div>
<div dir="ltr">From the keycloak documentation and <a href="https://keycloak.github.io/docs/userguide/keycloak-server/html/auth_spi.html" target="_blank"></a><a href="https://keycloak.github.io/docs/userguide/keycloak-server/html/auth_spi.html" target="_blank">https://keycloak.github.io/docs/userguide/keycloak-server/html/auth_spi.html</a>
<div><br>
</div>
<div>it is not very clear to me what the OPTIONAL setting for an
execution mean.</div>
<div><br>
</div>
<div>For example, when we have the following:</div>
<div><br>
</div>
<div><a>
<pre style="font-size:0.9em;font-family:courrier,monospace;overflow:auto;padding:5px 15px 5px 25px;border:1px solid rgb(204,204,204);background-color:rgb(245,245,245)">Forms Subflow - ALTERNATIVE
Username/Password Form - REQUIRED
OTP Password Form - OPTIONAL</pre>
</a></div>
<div><br>
</div>
<div><br>
</div>
<div>When can it enter the Optional OTP form? Do we need to add
some code (some condition ?) in the
UsernamePasswordAuthentication Code, so it enters the optional
OTP form authenticator? Or something else? I am not so clear
about the concept of this optional field and how to enter it.
Can someone please explain this in detail?</div>
</div>
<br>
<fieldset></fieldset>
<br>
</div></div><pre>_______________________________________________
keycloak-dev mailing list
<a href="mailto:keycloak-dev@lists.jboss.org" target="_blank">keycloak-dev@lists.jboss.org</a>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a></pre>
</blockquote>
<br>
</div>
</blockquote></div><br></div>
</div></div></blockquote></div><br></div>