The backend might be pretty straightforward, but we would require some
refactoring of the login page. For example, some credentials (password,
totp) are entered in after displaying a login page. With some credentials
(client cert and cookie) you never even see the login page.

On 8/1/2014 2:13 PM, Vivek Srivastav (vivsriva) wrote:
A general authentication plugin SPI for clients is what we are interested in.
Any pointers on it, viz. which classes should I look into would
greatly help.
Kind Regards,
Vivek
On 7/30/14, 4:53 AM, "Stian Thorgersen" <stian(a)redhat.com> wrote:
> A general authentication plugin SPI for clients should be relatively
> straightforward, not sure about users though.
>
> Credentials for users requires changes to the login flow as well as
> account management pages, so could be tricky to do it in a generic way.
>
> Worth a try though! So let's wait until after 1.0.final with the TOTP
> work.
>
> ----- Original Message -----
>> From: "Bill Burke" <bburke(a)redhat.com>
>> To: keycloak-dev(a)lists.jboss.org
>> Sent: Tuesday, 29 July, 2014 10:36:50 PM
>> Subject: Re: [keycloak-dev] Postpone TOTP SPI to after 1.0.final
>>
>> By authentication plugin SPI, I actually mean a credential type plugin
>> SPI. Have a user requesting that they be able to plug in their own
>> client-cert verification mechanism.
>>
>> On 7/29/2014 5:33 PM, Bill Burke wrote:
>>> Could this TOTP SPI turn into a general authentication plugin SPI? Just
>>> had an inquiry for that type of SPI.
>>>
>>> On 7/29/2014 8:51 AM, Stian Thorgersen wrote:
>>>> Due to there being quite a lot of work to do the required updates to
>>>> properly do a TOTP SPI I propose we postpone this to 1.1.0.
>>>>
>>>> The work would include:
>>>>
>>>> * A TOTP SPI
>>>> * Account management needs to support multiple TOTPs
>>>> * Select TOTP provider to configure if required to set up TOTP on login
>>>> * Select TOTP provider to use at login if user has multiple
>>>> * Configure what TOTP are permitted for a realm
>>>> * Remember TOTP option (don't ask for TOTP in 30 days on this machine)
>>>> * Email implementation (send an OTP through email)
>>>> * SMS implementation (use an example SMS cloud service to send OTP) - this
>>>> would also require additional fields to registration
>>>> * At least one other TOTP implementation (FreeOTP and Yubikey)
>>>> * ...
>>>> _______________________________________________
>>>> keycloak-dev mailing list
>>>> keycloak-dev(a)lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>>>
>>>
>>
>> --
>> Bill Burke
>> JBoss, a division of Red Hat
>> http://bill.burkecentral.com