On 2/12/2015 8:53 AM, Pedro Igor Silva wrote:
----- Original Message -----
> From: "Bill Burke" <bburke(a)redhat.com>
> To: "Marek Posolda" <mposolda(a)redhat.com>,
keycloak-dev(a)lists.jboss.org
> Sent: Thursday, February 12, 2015 11:49:05 AM
> Subject: Re: [keycloak-dev] Kerberos progress
>
> I'm just trying to figure out where does the Broker SPI end and the User
> Federation SPI begin? And wondering if our SPIs can be unified,
> simplified, or refactored. For example, how would client-cert auth be
> implemented? Like Kerberos, its a credential that is checked prior to
> displaying a login screen.
>
> Another thing, does the broker SPI allow you to still require extra
> credentials supplied by Keycloak instead of the brokered IDP?
What is the use case ?
You have an IDP that only handles username/password and you want to add
client-cert/otp for additional protection. For example a login to
facebook.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com