Hello Steve,
something similar to what you want is already available in Keycloak.
Look for the "Conditional OTP Form" in the "Create Authenticator Execution" screen, when you create a new Authenticator Execution.
The implementation can be found in the keycloak-services module:
org.keycloak.authentication.authenticators.browser.ConditionalOtpFormAuthenticator
Cheers,
Thomas
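As an added illustration of the pattern Thomas points to (this is example code written for this thread, not code from Keycloak or from either poster): extend the stock OTP form authenticator and decide per request whether to render it, so the existing OTP implementation is reused rather than duplicated. It assumes a Keycloak version where `AuthenticationFlowContext` exposes `getAuthenticationSession()` (3.x and later; 2.x used `getClientSession()`), and the config keys `trustedCidrs` and `sensitiveClients` are hypothetical names read from the execution's authenticator config.

```java
import java.net.InetAddress;
import java.util.Collections;
import java.util.Map;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.authenticators.browser.OTPFormAuthenticator;
/** Extends the stock OTP form, as ConditionalOtpFormAuthenticator does, and renders it only
 *  for requests from outside a trusted network or for clients marked sensitive. */
public class NetworkAwareOtpAuthenticator extends OTPFormAuthenticator {
    // Hypothetical config keys, read from the execution's authenticator config.
    static final String TRUSTED_CIDRS = "trustedCidrs";         // e.g. "10.0.0.0/8,192.168.1.0/24"
    static final String SENSITIVE_CLIENTS = "sensitiveClients"; // e.g. "admin-console,payroll"
    @Override
    public void authenticate(AuthenticationFlowContext context) {
        Map<String, String> cfg = context.getAuthenticatorConfig() == null
                ? Collections.<String, String>emptyMap() : context.getAuthenticatorConfig().getConfig();
        // Behind a reverse proxy this is the proxy's address unless Keycloak is configured
        // to honour forwarded headers; confirm that before relying on it.
        String remoteIp = context.getConnection().getRemoteAddr();
        String clientId = context.getAuthenticationSession().getClient().getClientId();
        if (otpRequired(remoteIp, clientId, cfg)) {
            super.authenticate(context); // challenge with the standard OTP form
        } else {
            context.success();           // trusted network, ordinary client: skip the factor
        }
    }
    /** Pure decision logic, static so it can be unit-tested without a Keycloak runtime. */
    static boolean otpRequired(String remoteIp, String clientId, Map<String, String> cfg) {
        for (String c : cfg.getOrDefault(SENSITIVE_CLIENTS, "").split(","))
            if (c.trim().equals(clientId)) return true;
        for (String cidr : cfg.getOrDefault(TRUSTED_CIDRS, "").split(","))
            if (!cidr.trim().isEmpty() && inCidr(remoteIp, cidr.trim())) return false;
        return true; // fail closed: an unknown or unparsable network requires OTP
    }
    /** Bit-wise prefix match for IPv4 or IPv6 literals; anything unparsable counts as untrusted. */
    static boolean inCidr(String ip, String cidr) {
        try {
            String[] parts = cidr.split("/");
            byte[] a = InetAddress.getByName(ip).getAddress();
            byte[] n = InetAddress.getByName(parts[0]).getAddress();
            int prefix = Integer.parseInt(parts[1]);
            if (a.length != n.length || prefix < 0 || prefix > a.length * 8) return false;
            for (int i = 0; i < prefix; i++) {
                int mask = 0x80 >>> (i % 8);
                if ((a[i / 8] & mask) != (n[i / 8] & mask)) return false;
            }
            return true;
        } catch (Exception e) { return false; }
    }
}
```

The class still needs an `AuthenticatorFactory` registered through `META-INF/services` before it shows up in the execution list, and because it inherits the OTP form's `configuredFor`/`setRequiredActions` logic, a user without an OTP credential is sent to set one up when the execution is REQUIRED.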
2016-12-14 14:06 GMT+01:00 Steve Favez <favez.steve(a)gmail.com>:
Hi all,
I'd like to implement the following use case. I need a Browser authentication flow that will add, after the User / Password Form Authenticator, a kind of "access rules" authenticator that will, according to some request parameters (for example, IP address or application), dynamically add a second factor authenticator in the flow (like OTP or SMS).
Furthermore, I'd like to be able to provide a choice of 2FA systems to the end user (for example, we provide a set of second factors, and the end user can choose the one he'd like to use).
So, if some "strong authentication" criteria are matched during the browser authentication process, after providing user and password, the user will get a form allowing him to choose the second factor system he'd like to use to authenticate.
My goal is to be able to reuse existing authenticators (so, not to write a big 2FA authenticator with all authenticators duplicated inside).
Thanks in advance for your valuable input
Cheers
St
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user