What I had in mind with websocket was something along the lines of web page
listens for an event filtered on the authentication session id and the
callback would trigger an event with the authentication session id. Would
be nice if the authenticator SPI would also allow adding callback endpoints
without having to create a realm resource for it.
On Wed, 27 Jun 2018 at 21:31, Stian Thorgersen <sthorger(a)redhat.com> wrote:
I haven't tried, but you should be able to use authentication
notes
instead:
ctx.getAuthenticationSession().get/setAuthNote
On Wed, 27 Jun 2018 at 10:45, James Holland <james.holland(a)outlook.com>
wrote:
> Hi Stian, thanks for this :-)
>
> AuthenticationFlowContext & UserSessionProvider no longer have methods to
> get the ClientSessionModel to lookup the user session, any suggestion on
> how to get this in 4.0.0.Final? I was looking at
> AuthenticationSessionProvider?
>
> I agree with you wrt to your points 1 & 2, websocket callback is
> something I'm working on separately, but only as a method of telling the
> waiting page to refresh instead of polling; just need a distributed Pub/sub
> & filter (so only the specific sessions get called.)
>
> Regards James
>
>
> Stian Thorgersen wrote on 27/06/2018 07:25:
>
> Hi,
>
> Take a look at
https://github.com/stianst/authenticator-example. It's
> just a POC, but it does pretty much what you're after with regards to an
> out of bands authenticator.
>
> Now to make it nice there's two aspects that needs to be worked on:
>
> 1. Support for additional multi factor mechanisms - users should be able
> to choose between available means, pluggable support including
> configuration, etc.. I hope this is something we'll be working on soon.
> 2. Push based out of bands - we need some concept of authentication
> events that the authenticator web page can wait for. I would assume this
> would use websockets.
>
> For Google prompt it would be nice to have that available OOTB, but it
> does depend on #1 to allow us to properly support more than one multi
> factor in a realm.
>
> On Mon, 25 Jun 2018 at 11:23, James Holland <james.holland(a)outlook.com>
> wrote:
>
>> I've added the feature request
>>
https://issues.jboss.org/browse/KEYCLOAK-7675 for this.
>>
>>
>>
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev(a)lists.jboss.org
>>
https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>
>
>