1:42 a.m.
I'm not a big fan of the recent change from Google Authenticator to FreeOTP.
* Google Authenticator is far more widely used than FreeOTP
* We have existing users that use Google Authenticator (we know it works for both, but
they and their users don't)
To support FreeOTP we need to add support for multiple OTP providers so developers/users
themselves can choose between the providers, not us.
9:32 a.m.
Why not just change the pages to link to Google Authenticator *AND*
FreeOTP?
I don't understand what you mean by we need to add support for multiple
OTP providers. Google Authenticator and FreeOTP both already work with
what we currently have.
On 10/13/2014 2:42 AM, Stian Thorgersen wrote:
I'm not a big fan of the recent change from Google Authenticator
to FreeOTP.
* Google Authenticator is far more widely used than FreeOTP
* We have existing users that use Google Authenticator (we know it works for both, but
they and their users don't)
To support FreeOTP we need to add support for multiple OTP providers so developers/users
themselves can choose between the providers, not us.
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
12:18 p.m.
New subject: Revert changing from Google Authenticator to FreeOTP
----- Original Message -----
From: "Bill Burke" <bburke(a)redhat.com>
To: keycloak-dev(a)lists.jboss.org
Sent: Monday, 13 October, 2014 4:32:05 PM
Subject: Re: [keycloak-dev] Revert changing from Google Authenticator to FreeOTP
Why not just change the pages to link to Google Authenticator *AND*
FreeOTP?
That's a decent compromise. I just don't want existing developers and their users
to believe Google Authenticator support is gone.
I don't understand what you mean by we need to add support for multiple
OTP providers. Google Authenticator and FreeOTP both already work with
what we currently have.
The protocol is the same, but configuration instructions for users are different.
I think we should have a multi-factor authenticator SPI (or just baked it into the
authenticator SPI I mentioned before) for this. As well as be able to authenticate it
needs to be able to modify the login-totp form and configuration instructions. I think it
should be possible to configure what multi-factor authenticators should be available for a
realm. Then if there is more than one option users can first select which one they want to
use, before being given instructions on how to install and configure the specific
mechanism.
This SPI would also allow using other things that the standard OTP protocol. For example
SMS/email, hardware tokens (i.e. Yubikey). Have a look at http://vimeo.com/72978755
it's pretty cool.
On 10/13/2014 2:42 AM, Stian Thorgersen wrote:
> I'm not a big fan of the recent change from Google Authenticator to
> FreeOTP.
>
> * Google Authenticator is far more widely used than FreeOTP
> * We have existing users that use Google Authenticator (we know it works
> for both, but they and their users don't)
>
> To support FreeOTP we need to add support for multiple OTP providers so
> developers/users themselves can choose between the providers, not us.
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
4193
days inactive
4193
days old
2 comments
2 participants
participants (2)
-
Bill Burke -
Stian Thorgersen