[keycloak-user] Step-Up Authentication

Nico Burbigh nbquinns at gmail.com
Tue Nov 15 07:22:31 EST 2016

Hi Marek, would you think that the level of authentication should be stored
in the access token or rather as a separate cookie in the SSO server
context? I think it also requires some thoughts around triggering the MFA
on the adapter side.

On Mon, Nov 14, 2016 at 6:02 PM, Marek Posolda <mposolda at redhat.com> wrote:

> Right, we don't have step-up authentication OOTB right now.
> In theory, you can implement some support of it by yourself, because we
> have Authentication SPI. So you can do the flow, which will somehow differ
> the required level of authentication (for example based on some request
> parameter) and then choose the authenticators based on the required level
> etc. But note that it likely won't be trivial to do this properly.
> Marek
> On 12/11/16 03:21, Nico Burbigh wrote:
>> Hi Keycloak users, we have a requirment to provide step-up authentication.
>> Looking at Keycloak server and its adapters, it appears there is no
>> support
>> for it out of the box.
>> Also user group email
>> http://lists.jboss.org/pipermail/keycloak-user/2016-April/005707.html
>> suggests it will come at some stage later.
>> Has anyone used keycloak to provide step up authentication?
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user

More information about the keycloak-user mailing list