[keycloak-user] Authentication level realm

Steve Favez favez.steve at gmail.com
Thu Sep 1 10:54:16 EDT 2016


Dear all,
I need to implement the following use case.

My web application is authenticated against a given realm on Keycloak,
using a simple user / password authentication model. But a part of my web
app would require a stronger authentication mechanism (a second factor in
fact) based on the current user.

What's the "best" solution using Keycloak? I was thinking of two different
solutions:
1. add an attribute in my OIDC token that could be named "level", and having
an adapter that would check the level of the token, and if not
corresponding, redirect to the realm that would ask for the second factor
of authentication
2. Create a "2FA" realm, that would rely on the simple authentication
realm... but is it possible in the same web app (I mean, to use two realms)

Open to any ideas

Thanks

St
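
An added example, not part of the original post and not Keycloak adapter code: a sketch of the check described in option 1, where a per-path policy is compared with a "level" claim and a too-weak session is sent to the second-factor realm. It assumes the level is an integer claim in a token the adapter has already verified; the policy table, host names, client id and callback path are hypothetical.

```javascript
// Added example for option 1. The "level" claim, the policy table and all
// URLs and client ids are assumptions, not part of Keycloak's adapter API.
const APP_ORIGIN = 'https://app.example.test';            // constructed
const STEP_UP_AUTH_URL =                                  // constructed host
  'https://sso.example.test/auth/realms/2FA/protocol/openid-connect/auth';

// Constructed policy: path prefix -> minimum authentication level.
const POLICY = [
  { prefix: '/', level: 1 },         // user / password is enough
  { prefix: '/payments', level: 2 }, // second factor required
];

// Resolve "." and ".." first so "/x/../payments" cannot dodge the rule, then
// take the longest prefix that matches on a path-segment boundary.
function requiredLevel(rawPath) {
  const path = new URL(rawPath, APP_ORIGIN).pathname;
  let best = { prefix: '', level: Infinity }; // no matching rule: deny
  for (const rule of POLICY) {
    const hit = rule.prefix === '/' || path === rule.prefix ||
      path.startsWith(rule.prefix + '/');
    if (hit && rule.prefix.length > best.prefix.length) best = rule;
  }
  return best.level;
}

// claims: payload of a token whose signature, issuer, audience and expiry
// the adapter has already verified. A missing or non-integer level is 0.
function tokenLevel(claims) {
  const v = claims ? claims.level : undefined;
  return Number.isInteger(v) && v > 0 ? v : 0;
}

// state: unguessable per-session value created and later checked by the caller.
function decide(claims, rawPath, state) {
  if (tokenLevel(claims) >= requiredLevel(rawPath)) return { action: 'allow' };
  const url = new URL(STEP_UP_AUTH_URL);
  url.search = new URLSearchParams({
    response_type: 'code',
    client_id: 'my-web-app',                // hypothetical client id
    redirect_uri: APP_ORIGIN + '/callback', // fixed, never taken from the request
    scope: 'openid',
    state,
  }).toString();
  return { action: 'redirect', location: url.toString() };
}
```

The gate fails closed: a token without a usable level is treated as level 0, and the return address is a constant rather than a value read from the incoming request.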