<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">For more complicated conditional
workflows like this, you can always use clientSession notes and
save/read the state from here. For example authenticator1 will
call something like this if "particular case" happened:<br>
<br>
clientSession.setNote("someNote", "particularCaseHappened");<br>
<br>
And authenticator2 can then use something like this in the
beginning of method "authenticate" :<br>
<br>
if
("particularCaseHappened".equals(clientSession.getNote("someNote")
{<br>
log.info("Ignoring this authenticator based on fact that
'particular case' from authenticator1 happened");<br>
context.attempted();<br>
return;<br>
}<br>
<br>
Marek<br>
<br>
On 09/06/16 03:48, Rashmi Singh wrote:<br>
</div>
<blockquote
cite="mid:CAJ0vL+Ls9+ODd=dBb_44QhAOuBu0+sohr7roTSUCZgjMTHMhng@mail.gmail.com"
type="cite">
<div dir="ltr">I have one more question on this. I have my own
implementation of two authenticators now: Username Authenticator
(REQUIRED) and OTP authenticator (OPTIONAL) under an ALTERNATIVE
subflow. The second optional authenticator has <span
style="font-size:12.8px">Authenticator.</span><span
style="font-size:12.8px">configuredFor returns false (I have
this because I do not want this to be invoked only when the
user is set in the context already). Now, the second
authenticator is invoked which is good. But, there is one case
in my usernamePassword Authenticator for which the optional
OTPAuthenticator should not be invoked. Can this be achieved?
Other than that case, OTP authenticator should be invoked as
now. Can I stop this second optional OTPAuthenticator from
being invoked for a particular case in my UsernamePassword
authenticator?</span></div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Wed, Jun 8, 2016 at 2:04 PM, Rashmi
Singh <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:singhrasster@gmail.com" target="_blank">singhrasster@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">OK, I am clear about this point now. It does
enter the second optional authenticator, so it is good
now. Thank you</div>
<div class="HOEnZb">
<div class="h5">
<div class="gmail_extra"><br>
<div class="gmail_quote">On Wed, Jun 8, 2016 at 10:43
AM, Rashmi Singh <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:singhrasster@gmail.com"
target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:singhrasster@gmail.com">singhrasster@gmail.com</a></a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">In general, if we have any two
authenticators under ALTERNATIVE flow, the
second being OPTIONAL, is the optional one
invoked only when context.setUser(user) is set
in the first authenticator? otherwise, the
second OPTIONAL authenticator is never invoked
(irrespective of whether <span
style="font-size:12.8px">Authenticator.configuredFor
returns true or false) at all? Is there a way
to invoke the optional authenticator even when
context.setUser(user) was never done in the
first authenticator?</span></div>
<div>
<div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Wed, Jun 8, 2016
at 5:21 AM, Marek Posolda <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:mposolda@redhat.com"
target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:mposolda@redhat.com">mposolda@redhat.com</a></a>></span>
wrote:<br>
<blockquote class="gmail_quote"
style="margin:0 0 0 .8ex;border-left:1px
#ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>Currently the OPTIONAL means that
authenticator is used just if it's
configured for particular user (
Authenticator.configuredFor returns
true for that user). In case of OTP,
it means that OTP form is shown just
if OTP is configured for particular
user. <br>
<br>
It looks that OPTIONAL authenticator
needs to return "requiresUser" with
true, otherwise if it doesn't
require user the error will be
returned (even if authenticator is
OPTIONAL).<br>
<br>
Marek
<div>
<div><br>
<br>
On 07/06/16 17:29, Rashmi Singh
wrote:<br>
</div>
</div>
</div>
<blockquote type="cite">
<div>
<div>
<div dir="ltr">From the keycloak
documentation and <a
moz-do-not-send="true"
href="https://keycloak.github.io/docs/userguide/keycloak-server/html/auth_spi.html"
target="_blank"><a class="moz-txt-link-freetext" href="https://keycloak.github.io/docs/userguide/keycloak-server/html/auth_spi.html">https://keycloak.github.io/docs/userguide/keycloak-server/html/auth_spi.html</a></a>
<div><br>
</div>
<div>it is not very clear to
me what the OPTIONAL setting
for an execution mean.</div>
<div><br>
</div>
<div>For example, when we have
the following:</div>
<div><br>
</div>
<div><a moz-do-not-send="true">
<pre style="font-size:0.9em;font-family:courrier,monospace;overflow:auto;padding:5px 15px 5px 25px;border:1px solid rgb(204,204,204);background-color:rgb(245,245,245)">Forms Subflow - ALTERNATIVE
Username/Password Form - REQUIRED
OTP Password Form - OPTIONAL</pre>
</a></div>
<div><br>
</div>
<div><br>
</div>
<div>When can it enter the
Optional OTP form? Do we
need to add some code (some
condition ?) in the
UsernamePasswordAuthentication
Code, so it enters the
optional OTP form
authenticator? Or something
else? I am not so clear
about the concept of this
optional field and how to
enter it. Can someone please
explain this in detail?</div>
</div>
<br>
<fieldset></fieldset>
<br>
</div>
</div>
<pre>_______________________________________________
keycloak-dev mailing list
<a moz-do-not-send="true" href="mailto:keycloak-dev@lists.jboss.org" target="_blank">keycloak-dev@lists.jboss.org</a>
<a moz-do-not-send="true" href="https://lists.jboss.org/mailman/listinfo/keycloak-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a></pre>
</blockquote>
<br>
</div>
</blockquote>
</div>
<br>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</body>
</html>