[keycloak-user] Alternative sub flow
Bill Burke
bburke at redhat.com
Tue Mar 21 09:53:25 EDT 2017
I'll need to review our tests, but I think you found a bug. What should
happen is that the SMS's challenge should be rendered as its the last
alternative. I'll have this fixed in next release.
One question though, how is the choice between OTP and SMS decided on?
If OTP isn't configured, then they have to do SMS? What if both aren't
configured? This is probably another limitation of the auth flow.
On 3/21/17 1:23 AM, Matt Evans wrote:
> Hi
>
> I have been trying to configure a keycloak flow but have not been successful, and I am wondering if what I am trying to do is possible.
>
> We have the standard flows
>
> Cookie
> Kerberos
> Identity Provider Redirector
> Browser
>
> Inside the Browser flow we have
> Username Password Form
> 2SV - sub flow required
> OTP execution - alternative
> SMS execution - alternative
>
> The OTP and SMS executions are custom authenticators, that I'd like to have at least one of them.
>
> With this configuration I can see the OTP authenticator returns a form from the challenge method, but it doesn't show the form. The authentication just passes and I am logged in without asking for either the otp or the sms code.
>
> Can I use the alternative requirements in this way?
>
> Matt
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
More information about the keycloak-user
mailing list