Customising Keycloak Authentication flow
by Lakshmi Narayana VADALI (lvadali)
Hi,
Instead of the existing one-step authentication (user/pass), we need custom certificate-based authentication, which is a 2-step authentication as below:
1. Bypass the login screen; instead generate a nonce (UUID) and provide an intermediate endpoint URL for certificate-based authentication.
2. The client will come to certificate-based authentication with its certificate and the encrypted UUID. After validating the encrypted UUID and the client certificate, the server should generate an "Access code".
We have gone through the 1.3 Beta source code and realised that, to achieve this, the following code changes are needed:
1. Changes in the TokenService class (login method) to bypass the login form and generate the UUID.
2. Preserve the UUID and URL parameters obtained during the call in TokenManager.
3. Redirect to custom_endpoint where the client will submit its certificate and encrypted nonce. This endpoint will generate the "access code" once cert authentication is completed.
It looks like we need to make changes in some of the core files like TokenService, TokenManager, OAuthFlows, ...
Can you please let us know if there is any way we can achieve this customization just by hooking in our code (without modifying).
Thanks,
Lakshmi Narayana V
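The two-step nonce-and-certificate flow described in the post, written as a custom Keycloak Authenticator. This is an added example, not code from the original post or from the Keycloak project, and it assumes a Keycloak version that ships the Authenticator SPI (which lets the flow be plugged in without modifying core classes such as TokenService). Further assumptions: the client's "encrypted UUID" is a signature over the nonce made with the private key of the presented certificate; the package name, the template `cert-challenge.ftl`, the form field `signedNonce`, the user attribute `certSubjectDN` and the auth-note names are hypothetical; and the TLS terminator has already validated the client certificate chain against the trusted CA. Several Keycloak model method signatures (for example the user-attribute search) have changed between versions, so check them against the version in use.

```java
// Added example (not from the original post or the Keycloak project): a custom
// Keycloak Authenticator implementing the two-step nonce + certificate flow.
// Assumptions are marked inline; method signatures vary between Keycloak versions.
package com.example.keycloak.certauth;   // hypothetical package

import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.UUID;

import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;

import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.AuthenticationFlowError;
import org.keycloak.authentication.Authenticator;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.services.x509.X509ClientCertificateLookup;
import org.keycloak.sessions.AuthenticationSessionModel;

public class CertNonceAuthenticator implements Authenticator {

    private static final String NONCE_NOTE = "cert-auth-nonce";            // hypothetical note name
    private static final String NONCE_ISSUED_NOTE = "cert-auth-nonce-issued";
    private static final long NONCE_TTL_MS = 2 * 60 * 1000;                // constructed: 2-minute validity

    // Step 1: no username/password form. Issue a fresh nonce, bind it to this
    // authentication session and challenge the client to prove possession of
    // the certificate's private key by posting back to the flow's action URL.
    @Override
    public void authenticate(AuthenticationFlowContext context) {
        String nonce = UUID.randomUUID().toString();
        AuthenticationSessionModel authSession = context.getAuthenticationSession();
        authSession.setAuthNote(NONCE_NOTE, nonce);
        authSession.setAuthNote(NONCE_ISSUED_NOTE, Long.toString(System.currentTimeMillis()));

        Response challenge = context.form()
                .setAttribute("nonce", nonce)
                .createForm("cert-challenge.ftl");   // hypothetical template
        context.challenge(challenge);
    }

    // Step 2: the client returns with its TLS client certificate and the signed
    // nonce. Check single use, expiry, signature and the cert-to-user binding
    // before marking the flow successful; Keycloak then issues the code itself.
    @Override
    public void action(AuthenticationFlowContext context) {
        AuthenticationSessionModel authSession = context.getAuthenticationSession();
        String nonce = authSession.getAuthNote(NONCE_NOTE);
        String issued = authSession.getAuthNote(NONCE_ISSUED_NOTE);
        // Single use: drop the nonce before any check so a retry cannot replay it.
        authSession.removeAuthNote(NONCE_NOTE);
        authSession.removeAuthNote(NONCE_ISSUED_NOTE);

        if (nonce == null || issued == null
                || System.currentTimeMillis() - Long.parseLong(issued) > NONCE_TTL_MS) {
            context.failure(AuthenticationFlowError.EXPIRED_CODE);
            return;
        }

        MultivaluedMap<String, String> form = context.getHttpRequest().getDecodedFormParameters();
        String signedNonce = form.getFirst("signedNonce");   // hypothetical field name
        X509Certificate[] chain;
        try {
            // Assumption: the TLS layer already validated this chain against the trusted CA;
            // the checks below only prove key possession and freshness, not trust.
            chain = context.getSession().getProvider(X509ClientCertificateLookup.class)
                    .getCertificateChain(context.getHttpRequest());
        } catch (GeneralSecurityException e) {
            chain = null;
        }
        if (signedNonce == null || chain == null || chain.length == 0
                || !signatureValid(chain[0], nonce, signedNonce)) {
            context.failure(AuthenticationFlowError.INVALID_CREDENTIALS);
            return;
        }

        // Bind the certificate to a Keycloak user via a subject-DN attribute (assumption).
        RealmModel realm = context.getRealm();
        String subject = chain[0].getSubjectX500Principal().getName();
        UserModel user = context.getSession().users()
                .searchForUserByUserAttributeStream(realm, "certSubjectDN", subject)
                .findFirst().orElse(null);
        if (user == null) {
            context.failure(AuthenticationFlowError.UNKNOWN_USER);
            return;
        }
        context.setUser(user);
        context.success();
    }

    // True if signedNonceB64 is an RSA-SHA256 signature over the nonce bytes made with
    // the private key matching the (currently valid) certificate. RSA only, by assumption.
    static boolean signatureValid(X509Certificate cert, String nonce, String signedNonceB64) {
        try {
            cert.checkValidity();
            Signature sig = Signature.getInstance("SHA256withRSA");
            sig.initVerify(cert.getPublicKey());
            sig.update(nonce.getBytes(StandardCharsets.UTF_8));
            return sig.verify(Base64.getDecoder().decode(signedNonceB64));
        } catch (GeneralSecurityException | IllegalArgumentException e) {
            return false;
        }
    }

    @Override public boolean requiresUser() { return false; }
    @Override public boolean configuredFor(KeycloakSession s, RealmModel r, UserModel u) { return true; }
    @Override public void setRequiredActions(KeycloakSession s, RealmModel r, UserModel u) { }
    @Override public void close() { }
}
```

To deploy it, an accompanying `AuthenticatorFactory` registered via `META-INF/services/org.keycloak.authentication.AuthenticatorFactory` is needed, and the authenticator is then bound as a required execution in a copy of the browser flow from the admin console. The nonce is removed before it is checked rather than after, so a failed or duplicated submission can never reuse it, and the expiry check bounds how long an issued challenge stays valid.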