Conditional OTP per Client - keycloak-user - Jboss List Archives

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

Conditional OTP per Client

bearer auth only in keyclaok...

[Keycloak][Get identity provides...

Adam Keily

Sunday, 26 February 2017 Sun, 26 Feb '17

8:03 p.m.

Can the Conditional OTP authenticator<https://github.com/keycloak/keycloak/blob/master/service... be implemented per client. E.g. Force OTP when connecting to ClientA but not ClientB. Would this be done using the request URL from the HTTP header?

Reply

Show replies by date

Bill Burke

Monday, 27 February Mon, 27 Feb

8:12 a.m.

You'd have to write custom code for that and understand how the authentication flow works. I don't think that conditional OTP thing would work if somebody logged into client A without OTP then visited client B as the cookie authenticator would trigger and just let client B have access. We have plans to implement "step up" authentication, but that is not for awhile. On 2/26/17 9:03 PM, Adam Keily wrote:

Can the Conditional OTP authenticator<https://github.com/keycloak/keycloak/blob/master/service... be implemented per client. E.g. Force OTP when connecting to ClientA but not ClientB. Would this be done using the request URL from the HTTP header? _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user

Reply

2845

days inactive

2845

days old

keycloak-user@lists.jboss.org

Manage subscription

1 comments

2 participants

tags (0)

participants (2)

Adam Keily
Bill Burke