[keycloak-user] Alternative authentication subforms usage
Hi,
I got a strange behaviour when I use alternative subform in an authentication flow.
Here my test example (Keycloak 7):
* First subform 'PKI' is set as 'alternative'. It contains X509/Validate
Username Form set as 'alternative';
* Second subform 'password' is set as 'alternative'. It contains Username
Password Form set as 'required'.
From my understanding, the flow does a X509 Cert authentication with a
login/password fallback.
From my tests, the login/password fallback never works. If X509 cert
fails (no PKI or cancel), I always get 'Invalid Credentials message'.
Do I misunderstood the 'alternative' requirement or is it a bug?
Thanks in advance,
Arnault