Currently the OPTIONAL means that authenticator is used just if it's configured for particular user ( Authenticator.configuredFor returns true for that user). In case of OTP, it means that OTP form is shown just if OTP is configured for particular user.

It looks that OPTIONAL authenticator needs to return "requiresUser" with true, otherwise if it doesn't require user the error will be returned (even if authenticator is OPTIONAL).

Marek

On 07/06/16 17:29, Rashmi Singh wrote:

From the keycloak documentation and https://keycloak.github.io/docs/userguide/keycloak-server/html/auth_spi.html

it is not very clear to me what the OPTIONAL setting for an execution mean.

For example, when we have the following:
Forms Subflow - ALTERNATIVE Username/Password Form - REQUIRED OTP Password Form - OPTIONAL
When can it enter the Optional OTP form? Do we need to add some code (some condition ?) in the UsernamePasswordAuthentication Code, so it enters the optional OTP form authenticator? Or something else? I am not so clear about the concept of this optional field and how to enter it. Can someone please explain this in detail?
_______________________________________________
keycloak-dev mailing list
keycloak-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev