Thanks for the quick reply.
We are planning to authenticate a device (client) which will come with its certificate. It
seems the two extension points may not work for the requirement we have.
The cert implementation for keycloak that is planned may not work for us, as we need to
handle this authentication differently.
For example, we can’t configure the realm client’s trust store to contain certificates
from all clients. In the absence of this, we will
need the client to provide its certificate, which is signed by a specific CA root
authority, and also establish that it owns the private key
for this certificate.
Can you please help us understand
1. what kind of hooks are planned and when they are planned?
2. Will the hook help in building the 2-step authentication we need? (2-step authentication
explained in my initial mail)
Thanks,
Lakshmi Narayana V
-----Original Message-----
From: Stian Thorgersen [mailto:stian@redhat.com]
Sent: Tuesday, September 09, 2014 1:39 PM
To: Lakshmi Narayana VADALI (lvadali)
Cc: keycloak-dev(a)lists.jboss.org
Subject: Re: [keycloak-dev] Customising Keycloak Authentication flow
Afraid at the moment we don't have any proper way to hook into this, but we are
planning to add this in the future.
I'm assuming you're authenticating clients, not users? If so, that's something
we plan to add support for at some point.
We'll probably add two extension points, one for adding custom login for users (for
example a hardware multi-factor auth or even fingerprint scanner) and another for
authenticating clients (certificate, jwt, etc.).
----- Original Message -----
From: "Lakshmi Narayana VADALI (lvadali)"
<lvadali(a)cisco.com>
To: keycloak-dev(a)lists.jboss.org
Sent: Tuesday, 9 September, 2014 7:48:44 AM
Subject: [keycloak-dev] Customising Keycloak Authentication flow
Hi,
Instead of the existing one-step authentication (user/pass), we need custom
certificate-based authentication, which is 2-step authentication as below:
1. Bypass the login screen; instead, generate a nonce (UUID) and provide an
intermediate endpoint URL for certificate-based authentication.
2. The client will come to certificate-based authentication with its
certificate and the encrypted UUID. After validating the encrypted UUID
and client certificate, the server should generate an “Access code”.
We have gone through the 1.3 Beta source code and realised that to achieve this
the following code changes are needed:
1. Changes in TokenService class (login method) to bypass login form
and generate UUID.
2. Preserve UUID and url parameters obtained during the call in
TokenManager .
3. Redirect to custom_endpoint, where the client will submit its
certificate and encrypted nonce.
This endpoint will generate an “access code” once cert authentication
is completed.
It looks like we need to make changes in some of the core files like
TokenService, TokenManager, OAuthFlows, ...
Can you please let us know if there is any way we can achieve this
customization just by hooking in our code
(without modifying).
Thanks,
Lakshmi Narayana V
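The check both messages above ask for (a device certificate that must chain to one specific CA root, plus proof that the client holds the matching private key, tied to a server-issued nonce) as an added Go example; this is not Keycloak code or code from the thread. It assumes the "encrypted UUID" is realised as an ECDSA signature over the nonce, uses P-256 throughout, and the names MakeCert, SignNonce and VerifyClient are hypothetical; the root CA and device certificates it builds are constructed fixtures.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// MakeCert is a fixture helper: a P-256 cert for cn, self-signed root CA when parent is nil.
func MakeCert(cn string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { return nil, nil, err }
	ku := x509.KeyUsageDigitalSignature
	if isCA { ku |= x509.KeyUsageCertSign }
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: isCA, BasicConstraintsValid: true, KeyUsage: ku,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	if parent == nil { parent, parentKey = tmpl, key } // self-signed root
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil { return nil, nil, err }
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// SignNonce is the client's half of step 2: it proves possession of the private
// key by signing the server-issued nonce (a signature, not an "encrypted UUID").
func SignNonce(key *ecdsa.PrivateKey, nonce []byte) ([]byte, error) {
	h := sha256.Sum256(nonce)
	return ecdsa.SignASN1(rand.Reader, key, h[:])
}

// VerifyClient is the server's half: the presented cert must chain to the single
// trusted root (no per-client trust store) and sig must verify under its public key.
func VerifyClient(root, cert *x509.Certificate, nonce, sig []byte) error {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := cert.Verify(opts); err != nil { return fmt.Errorf("certificate not trusted: %w", err) }
	// CheckSignature hashes nonce with SHA-256 and verifies sig with the cert's ECDSA key.
	if err := cert.CheckSignature(x509.ECDSAWithSHA256, nonce, sig); err != nil { return fmt.Errorf("no proof of private-key possession: %w", err) }
	return nil
}
```

The nonce the server verifies against must be the one it preserved for this pending login (step 2 of the plan) and must be consumed after one use, so a captured signature cannot be replayed.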
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev