[keycloak-dev] Why do I have to enter the OTP?

Bruno Oliveira bruno at abstractj.org
Tue Jan 13 11:34:23 EST 2015


I think what you meant was something like this
https://www.duosecurity.com/product/user-experience/authentication,
right?

On 2015-01-13, Bill Burke wrote:
>
>
> On 1/13/2015 11:19 AM, Summers Pittman wrote:
> > On 01/13/2015 11:11 AM, Bill Burke wrote:
> >> Why does a user have to enter in the OTP generated by their mobile
> >> device?  Wouldn't it be cooler if the steps were:
> >>
> >> 1. Enter in username password in the browser
> >> 2. Browser blocks and wait for...
> >> 3. Press a button on your OTP iphone app
> >> 4. iphone app sends an HTTP message to Keycloak with username and
> >> generated OTP (in background)
> >> 5. Keycloak sees if a browser app is waiting for OTP verification, then
> >> verifies OTP if so.
> >> 6. Browser unblocks and lets user in.
> >>
> >> Now, the user doesn't ever have to enter the OTP (and mess it up like I
> >> do all the time).  They just need their mobile device.
> >>
> >>
> >>
> > Even better, in Android this can be done from an interactive
> > notification.  You won't even need to open the app.
> >
>
> Probably the same in iOS, no?
>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev

--

abstractj
PGP: 0x84DC9914


More information about the keycloak-dev mailing list