<div dir="ltr">I have one more question on this. I have my own implementation of two authenticators now: Username Authenticator (REQUIRED) and OTP authenticator (OPTIONAL) under an ALTERNATIVE subflow. The second optional authenticator has <span style="font-size:12.8px">Authenticator.</span><span style="font-size:12.8px">configuredFor returns false (I have this because I do not want this to be invoked only when the user is set in the context already). Now, the second authenticator is invoked which is good. But, there is one case in my usernamePassword Authenticator for which the optional OTPAuthenticator should not be invoked. Can this be achieved? Other than that case, OTP authenticator should be invoked as now. Can I stop this second optional OTPAuthenticator from being invoked for a particular case in my UsernamePassword authenticator?</span></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Jun 8, 2016 at 2:04 PM, Rashmi Singh <span dir="ltr"><<a href="mailto:singhrasster@gmail.com" target="_blank">singhrasster@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">OK, I am clear about this point now. It does enter the second optional authenticator, so it is good now. Thank you</div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Jun 8, 2016 at 10:43 AM, Rashmi Singh <span dir="ltr"><<a href="mailto:singhrasster@gmail.com" target="_blank">singhrasster@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">In general, if we have any two authenticators under ALTERNATIVE flow, the second being OPTIONAL, is the optional one invoked only when context.setUser(user) is set in the first authenticator? otherwise, the second OPTIONAL authenticator is never invoked (irrespective of whether <span style="font-size:12.8px">Authenticator.configuredFor returns true or false) at all? Is there a way to invoke the optional authenticator even when context.setUser(user) was never done in the first authenticator?</span></div><div><div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Jun 8, 2016 at 5:21 AM, Marek Posolda <span dir="ltr"><<a href="mailto:mposolda@redhat.com" target="_blank">mposolda@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>Currently the OPTIONAL means that
authenticator is used just if it's configured for particular user
( Authenticator.configuredFor returns true for that user). In case
of OTP, it means that OTP form is shown just if OTP is configured
for particular user. <br>
<br>
It looks that OPTIONAL authenticator needs to return
"requiresUser" with true, otherwise if it doesn't require user the
error will be returned (even if authenticator is OPTIONAL).<br>
<br>
Marek<div><div><br>
<br>
On 07/06/16 17:29, Rashmi Singh wrote:<br>
</div></div></div>
<blockquote type="cite"><div><div>
<div dir="ltr">From the keycloak documentation and <a href="https://keycloak.github.io/docs/userguide/keycloak-server/html/auth_spi.html" target="_blank"></a><a href="https://keycloak.github.io/docs/userguide/keycloak-server/html/auth_spi.html" target="_blank">https://keycloak.github.io/docs/userguide/keycloak-server/html/auth_spi.html</a>
<div><br>
</div>
<div>it is not very clear to me what the OPTIONAL setting for an
execution mean.</div>
<div><br>
</div>
<div>For example, when we have the following:</div>
<div><br>
</div>
<div><a>
<pre style="font-size:0.9em;font-family:courrier,monospace;overflow:auto;padding:5px 15px 5px 25px;border:1px solid rgb(204,204,204);background-color:rgb(245,245,245)">Forms Subflow - ALTERNATIVE
Username/Password Form - REQUIRED
OTP Password Form - OPTIONAL</pre>
</a></div>
<div><br>
</div>
<div><br>
</div>
<div>When can it enter the Optional OTP form? Do we need to add
some code (some condition ?) in the
UsernamePasswordAuthentication Code, so it enters the optional
OTP form authenticator? Or something else? I am not so clear
about the concept of this optional field and how to enter it.
Can someone please explain this in detail?</div>
</div>
<br>
<fieldset></fieldset>
<br>
</div></div><pre>_______________________________________________
keycloak-dev mailing list
<a href="mailto:keycloak-dev@lists.jboss.org" target="_blank">keycloak-dev@lists.jboss.org</a>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a></pre>
</blockquote>
<br>
</div>
</blockquote></div><br></div>
</div></div></blockquote></div><br></div>
</div></div></blockquote></div><br></div>