Dear Keycloak community,
I'm trying to get the following functionality in my browser authentication
flow:
1. Like "OptionalOTP" I'd like to get, after user login authenticator, an
Option2FA (second authentication Factor) that will ask for a second factor
of authentication according to some predicates (client IP, time, user role,
...)
2. I need more than OTP as a second factor. OTP is one good solution, but I
need to provide the end user with a set of 2FA, like SMS, MatrixCard and so
on (can be configured). But I also need to leverage existing
authenticators, so my wish is to reuse existing or new Authenticators.
In that sense, I tried to create a skeleton implementation and share it
through GitHub.
I really need some input from the community, if it sounds correct or if you
have any better idea to implement such a use case.
See:
https://github.com/stevefavez/keycloakext
class: ConditionalMultiFactorAuthenticatorDelegate
I look forward to your valuable feedback.
(By the way, I know that this feature should be implemented in the next
release, but I must implement it on 2.x, because we're using RH SSO.)
Thanks in advance for your help.
Best regards
Steve
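
The decision logic the message describes (predicates on client IP, time and user role deciding whether a second factor is required, then a choice among configurable factors), as an added example that is not part of the original post and not code from the keycloakext repository. It uses only the JDK, not the Keycloak API; every name and policy value in it is a hypothetical, constructed assumption. It denies the login when a second factor is required but none is enrolled, and treats an unparseable address as untrusted.

```java
import java.time.LocalTime;
import java.util.*;
import java.util.regex.Pattern;

public class Conditional2faPolicy {
    enum Decision { SKIP_SECOND_FACTOR, CHALLENGE, DENY }

    // Constructed policy values standing in for authenticator configuration.
    static final Pattern TRUSTED_NET =                       // 10.0.0.0/16
        Pattern.compile("10\\.0(\\.(25[0-5]|2[0-4]\\d|1?\\d?\\d)){2}");
    static final LocalTime OFFICE_OPEN = LocalTime.of(7, 0);
    static final LocalTime OFFICE_CLOSE = LocalTime.of(19, 0);
    static final Set<String> ALWAYS_2FA_ROLES = Set.of("admin");
    static final List<String> FACTOR_ORDER = List.of("otp", "sms", "matrixcard");

    // Null, malformed or non-IPv4 input never matches, so it counts as untrusted.
    static boolean inTrustedNetwork(String ip) {
        return ip != null && TRUSTED_NET.matcher(ip).matches();
    }

    // First configured factor, in preference order, that the user has enrolled.
    static Optional<String> pickFactor(Set<String> enrolled) {
        return FACTOR_ORDER.stream().filter(enrolled::contains).findFirst();
    }

    static Decision decide(String clientIp, LocalTime now,
                           Set<String> roles, Set<String> enrolled) {
        boolean privileged = !Collections.disjoint(roles, ALWAYS_2FA_ROLES);
        boolean officeHours = !now.isBefore(OFFICE_OPEN) && now.isBefore(OFFICE_CLOSE);
        // The second factor is skipped only when every predicate is satisfied.
        if (!privileged && officeHours && inTrustedNetwork(clientIp)) {
            return Decision.SKIP_SECOND_FACTOR;
        }
        // Required but nothing enrolled: fail closed instead of falling back to password only.
        return pickFactor(enrolled).isPresent() ? Decision.CHALLENGE : Decision.DENY;
    }

    public static void main(String[] args) {
        LocalTime day = LocalTime.of(10, 30), night = LocalTime.of(23, 0);
        // Constructed sample logins: IP, time, roles, enrolled factors.
        System.out.println(decide("10.0.3.7", day, Set.of("user"), Set.of()));
        System.out.println(decide("203.0.113.9", day, Set.of("user"), Set.of("sms", "otp")));
        System.out.println(decide("10.0.3.7", day, Set.of("admin"), Set.of("matrixcard")));
        System.out.println(decide("10.0.3.7", night, Set.of("user"), Set.of()));
        System.out.println(decide("10.0.3.7.evil", day, Set.of("user"), Set.of("otp")));
    }
}
```

When the client IP comes from a forwarded header instead of the socket, the trusted-network predicate is only as reliable as the proxy that sets that header.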