In general, if we have any two authenticators under ALTERNATIVE flow, the second being OPTIONAL, is the optional one invoked only when context.setUser(user) is set in the first authenticator? otherwise, the second OPTIONAL authenticator is never invoked (irrespective of whether Authenticator.configuredFor returns true or false) at all? Is there a way to invoke the optional authenticator even when context.setUser(user) was never done in the first authenticator?On Wed, Jun 8, 2016 at 5:21 AM, Marek Posolda <mposolda@redhat.com> wrote:Currently the OPTIONAL means that authenticator is used just if it's configured for particular user ( Authenticator.configuredFor returns true for that user). In case of OTP, it means that OTP form is shown just if OTP is configured for particular user.
It looks that OPTIONAL authenticator needs to return "requiresUser" with true, otherwise if it doesn't require user the error will be returned (even if authenticator is OPTIONAL).
Marek
On 07/06/16 17:29, Rashmi Singh wrote:
From the keycloak documentation and https://keycloak.github.io/docs/userguide/keycloak-server/html/auth_spi.html
it is not very clear to me what the OPTIONAL setting for an execution mean.
For example, when we have the following:
When can it enter the Optional OTP form? Do we need to add some code (some condition ?) in the UsernamePasswordAuthentication Code, so it enters the optional OTP form authenticator? Or something else? I am not so clear about the concept of this optional field and how to enter it. Can someone please explain this in detail?
_______________________________________________ keycloak-dev mailing list keycloak-dev@lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-dev