The security questions option you are referring to is only an example on how you can implement your own. It's not a built-in feature of Keycloak, nor is it aimed for use as is. It's intended to be simple and focus on showing how to write a custom authenticator, so with that in mind 1 question makes more sense than 3.

On 1 March 2016 at 05:13, Riddhi Rathod <RRathod@carbonite.com> wrote:

Hi all,

If security question option is enabled in the login flow, then the user has to save answer to it (Default question: “What is your mother’s name?”). This question is asked to user in the event of “forget password” for additional level of security. However, in the current system, there is provision of storing only one security Q&A. I am looking to modify this to include the following:

Could this functionality be extended to include 3 security Q&As which is popular practice. I modified the keycloak secret-question.ftl to include 2 more questions. But there is no way to store the additional questions and answers extracted from the ui form in the UserCredentialValueModel (SecretQuestionRequiredAction.java).

The security questions are not fixed i.e. a dropdown menu of questions will be displayed to users and they will be able to select whichever questions they want to.

Does keycloak support storing of multiple security Q&As for a user? Has anyone tried this before?

Thank you,

Riddhi Rathod

_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user