[keycloak-user] Conditional OTP per Client
Bill Burke
bburke at redhat.com
Mon Feb 27 09:12:14 EST 2017
You'd have to write custom code for that and understand how the
authentication flow works. I don't think that conditional OTP thing
would work if somebody logged into client A without OTP then visited
client B as the cookie authenticator would trigger and just let client B
have access. We have plans to implement "step up" authentication, but
that is not for awhile.
On 2/26/17 9:03 PM, Adam Keily wrote:
> Can the Conditional OTP authenticator<https://github.com/keycloak/keycloak/blob/master/services/src/main/java/org/keycloak/authentication/authenticators/browser/ConditionalOtpFormAuthenticator.java> be implemented per client. E.g. Force OTP when connecting to ClientA but not ClientB. Would this be done using the request URL from the HTTP header?
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
More information about the keycloak-user
mailing list