OK, I am clear about this point now. It does enter the second optional
authenticator, so it is good now. Thank you
On Wed, Jun 8, 2016 at 10:43 AM, Rashmi Singh <singhrasster(a)gmail.com>
wrote:
In general, if we have any two authenticators under ALTERNATIVE flow,
the
second being OPTIONAL, is the optional one invoked only when
context.setUser(user) is set in the first authenticator? otherwise, the
second OPTIONAL authenticator is never invoked (irrespective of whether
Authenticator.configuredFor
returns true or false) at all? Is there a way to invoke the optional
authenticator even when context.setUser(user) was never done in the first
authenticator?
On Wed, Jun 8, 2016 at 5:21 AM, Marek Posolda <mposolda(a)redhat.com> wrote:
> Currently the OPTIONAL means that authenticator is used just if it's
> configured for particular user ( Authenticator.configuredFor returns true
> for that user). In case of OTP, it means that OTP form is shown just if OTP
> is configured for particular user.
>
> It looks that OPTIONAL authenticator needs to return "requiresUser" with
> true, otherwise if it doesn't require user the error will be returned (even
> if authenticator is OPTIONAL).
>
> Marek
>
>
> On 07/06/16 17:29, Rashmi Singh wrote:
>
> From the keycloak documentation and
> <
https://keycloak.github.io/docs/userguide/keycloak-server/html/auth_spi.h...
>
https://keycloak.github.io/docs/userguide/keycloak-server/html/auth_spi.html
>
> it is not very clear to me what the OPTIONAL setting for an execution
> mean.
>
> For example, when we have the following:
>
> Forms Subflow - ALTERNATIVE
> Username/Password Form - REQUIRED
> OTP Password Form - OPTIONAL
>
>
>
> When can it enter the Optional OTP form? Do we need to add some code
> (some condition ?) in the UsernamePasswordAuthentication Code, so it enters
> the optional OTP form authenticator? Or something else? I am not so clear
> about the concept of this optional field and how to enter it. Can someone
> please explain this in detail?
>
>
> _______________________________________________
> keycloak-dev mailing
listkeycloak-dev@lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-dev
>
>
>