Multi Step HTTP Authentication ------------------------------ Key: ELY-509 URL: https://issues.jboss.org/browse/ELY-509 Project: WildFly Elytron Issue Type: Enhancement Components: HTTP Reporter: Darran Lofthouse Assignee: Farah Juma Fix For: 1.1.0.Beta8 This is a variation of FORM authentication and closely related to ELY-508. The scenario would be prompt for a username, then prompt for a password and if the password is valid and the account supports OTP prompt for the OTP. The mechanism may also be responsible for sending the OTP but that is probably a side topic. I have raised this in terms of being a HTTP mechanism but the main point we need to ensure is covered is the requirements about identifying what checks are required for a specific user and tracking they are all complete.