I'll need to review our tests, but I think you found a bug. What should
happen is that the SMS's challenge should be rendered as it's the last
alternative. I'll have this fixed in the next release.
One question though, how is the choice between OTP and SMS decided on?
If OTP isn't configured, then they have to do SMS? What if both aren't
configured? This is probably another limitation of the auth flow.

On 3/21/17 1:23 AM, Matt Evans wrote:

Hi

I have been trying to configure a Keycloak flow but have not been successful, and I am
wondering if what I am trying to do is possible.

We have the standard flows:

  Cookie
  Kerberos
  Identity Provider Redirector
  Browser

Inside the Browser flow we have:

  Username Password Form
  2SV - sub flow required
    OTP execution - alternative
    SMS execution - alternative

The OTP and SMS executions are custom authenticators, that I'd like to have at least
one of them.

With this configuration I can see the OTP authenticator returns a form from the challenge
method, but it doesn't show the form. The authentication just passes and I am logged
in without asking for either the OTP or the SMS code.

Can I use the alternative requirements in this way?

Matt