[keycloak-user] Alternative authentication subforms usage
Arnault BESNARD
Arnault.BESNARD at b-com.com
Wed Sep 4 10:28:23 EDT 2019
Hi,
I got a strange behaviour when I use alternative subform in an authentication flow.
Here my test example (Keycloak 7):
* First subform 'PKI' is set as 'alternative'. It contains X509/Validate Username Form set as 'alternative';
* Second subform 'password' is set as 'alternative'. It contains Username Password Form set as 'required'.
>From my understanding, the flow does a X509 Cert authentication with a login/password fallback.
>From my tests, the login/password fallback never works. If X509 cert fails (no PKI or cancel), I always get 'Invalid Credentials message'.
Do I misunderstood the 'alternative' requirement or is it a bug?
Thanks in advance,
Arnault
More information about the keycloak-user
mailing list