[keycloak-dev] Postpone TOTP SPI to after 1.0.final

Vivek Srivastav (vivsriva) vivsriva at cisco.com
Fri Aug 1 14:13:53 EDT 2014


A general authentication plugin SPI for clients is what we are interested
in.
Any pointers on it, viz. which which classes should I look into would
greatly help.
Kind Regards,
Vivek

On 7/30/14, 4:53 AM, "Stian Thorgersen" <stian at redhat.com> wrote:

>A general authentication plugin SPI for clients should be relatively
>straightforward, not sure about users though.
>
>Credentials for users requires changes to the login flow as well as
>account management pages, so could be tricky to do it in a generic way.
>
>Worth a try though! So let's wait until after 1.0.final with the TOTP
>work.
>
>----- Original Message -----
>> From: "Bill Burke" <bburke at redhat.com>
>> To: keycloak-dev at lists.jboss.org
>> Sent: Tuesday, 29 July, 2014 10:36:50 PM
>> Subject: Re: [keycloak-dev] Postpone TOTP SPI to after 1.0.final
>> 
>> By authentication plugin SPI, I actually mean a credential type plugin
>> SPI.  Have a user requesting that they be able to plug in their own
>> client-cert verification mechanism.
>> 
>> On 7/29/2014 5:33 PM, Bill Burke wrote:
>> > Could this TOTP SPI turn into a general authentication plugin SPI?
>>Just
>> > had an inquiry for that type of SPI.
>> >
>> > On 7/29/2014 8:51 AM, Stian Thorgersen wrote:
>> >> Due to there being quite a lot of work to do the required updates to
>> >> properly do a TOTP SPI I propose we post-pone this to 1.1.0.
>> >>
>> >> The work would include:
>> >>
>> >> * A TOTP SPI
>> >> * Account management needs to support multiple TOTPs
>> >> * Select TOTP provider to configure if required to setup TOTP on
>>login
>> >> * Select TOTP provider to use at login if user has multiple
>> >> * Configure what TOTP are permitted for a realm
>> >> * Remember TOTP option (don't ask for TOTP in 30 days on this
>>machine)
>> >> * Email implementation (send a OTP through email)
>> >> * SMS implementation (use an example SMS cloud service to send OTP)
>>- this
>> >> would also require additional fields to registration
>> >> * At least one other TOTP implementation (FreeOTP and Yubikey)
>> >> * ...
>> >> _______________________________________________
>> >> keycloak-dev mailing list
>> >> keycloak-dev at lists.jboss.org
>> >> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>> >>
>> >
>> 
>> --
>> Bill Burke
>> JBoss, a division of Red Hat
>> http://bill.burkecentral.com
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>> 
>_______________________________________________
>keycloak-dev mailing list
>keycloak-dev at lists.jboss.org
>https://lists.jboss.org/mailman/listinfo/keycloak-dev




More information about the keycloak-dev mailing list