[keycloak-dev] Why do I have to enter the OTP?

Bruno Oliveira bruno at abstractj.org
Tue Jan 13 12:01:03 EST 2015


That's for sure a great feature for Keycloak +10000. We planned something last year (http://staging.aerogear.org/docs/planning/roadmaps/AeroGearSecurity/), but due to other priorities we didn't even start.



—

abstractj
PGP: 0x84DC9914

On Tue, Jan 13, 2015 at 2:41 PM, Bill Burke <bburke at redhat.com> wrote:

> Cool.  I knew it couldn't be a unique idea.
> On 1/13/2015 11:34 AM, Bruno Oliveira wrote:
>> I think what you meant was something like this
>> https://www.duosecurity.com/product/user-experience/authentication,
>> right?
>>
>> On 2015-01-13, Bill Burke wrote:
>>>
>>>
>>> On 1/13/2015 11:19 AM, Summers Pittman wrote:
>>>> On 01/13/2015 11:11 AM, Bill Burke wrote:
>>>>> Why does a user have to enter in the OTP generated by their mobile
>>>>> device?  Wouldn't it be cooler if the steps were:
>>>>>
>>>>> 1. Enter in username and password in the browser
>>>>> 2. Browser blocks and waits for...
>>>>> 3. Press a button on your OTP iPhone app
>>>>> 4. iPhone app sends an HTTP message to Keycloak with username and
>>>>> generated OTP (in background)
>>>>> 5. Keycloak sees if a browser app is waiting for OTP verification, then
>>>>> verifies OTP if so.
>>>>> 6. Browser unblocks and lets user in.
>>>>>
>>>>> Now, the user doesn't ever have to enter the OTP (and mess it up like I
>>>>> do all the time).  They just need their mobile device.
>>>>>
>>>>>
>>>>>
>>>> Even better, in Android this can be done from an interactive
>>>> notification.  You won't even need to open the app.
>>>>
>>>
>>> Probably the same in iOS, no?
>>>
>>> --
>>> Bill Burke
>>> JBoss, a division of Red Hat
>>> http://bill.burkecentral.com
>>> _______________________________________________
>>> keycloak-dev mailing list
>>> keycloak-dev at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>
>> --
>>
>> abstractj
>> PGP: 0x84DC9914
>>
> -- 
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
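
The six-step flow proposed in the quoted thread, sketched as server-side logic. This is an added example, not part of the original messages and not Keycloak code; `PendingLogins`, its method names, the 60-second wait, the one-step skew window and the replay set are assumptions made for illustration, and the pending login is keyed on the username as in step 4.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per TOTP time step (RFC 6238 default)

def totp(secret, at, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1): the code the phone app would generate."""
    mac = hmac.new(secret, struct.pack(">Q", int(at) // STEP), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class PendingLogins:
    """Hypothetical server-side state for steps 2, 5 and 6 of the flow."""

    def __init__(self, secrets, ttl=60):
        self.secrets = secrets  # username -> shared OTP secret (constructed)
        self.ttl = ttl          # how long a browser may wait, in seconds
        self.waiting = {}       # username -> deadline of the blocked browser
        self.approved = set()   # usernames whose browser may be unblocked
        self.used = set()       # (username, time step) already accepted

    def password_ok(self, user, now):
        """Step 2: password verified, the browser starts waiting."""
        self.waiting[user] = now + self.ttl

    def submit_otp(self, user, code, now):
        """Steps 4-5: verify the phone's OTP only if a browser is waiting."""
        deadline = self.waiting.get(user)
        if deadline is None or now > deadline:
            self.waiting.pop(user, None)
            return False
        for at in (now, now - STEP):  # tolerate one step of clock skew
            key = (user, int(at) // STEP)
            if hmac.compare_digest(totp(self.secrets[user], at), code):
                if key in self.used:  # same code replayed
                    return False
                self.used.add(key)
                del self.waiting[user]
                self.approved.add(user)
                return True
        return False

    def browser_unblocks(self, user):
        """Step 6: the waiting browser polls; approval is consumed once."""
        if user in self.approved:
            self.approved.discard(user)
            return True
        return False
```
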