[keycloak-dev] Why do I have to enter the OTP?

Stian Thorgersen stian at redhat.com
Wed Jan 14 03:21:47 EST 2015


Maybe this is something that could be added to FreeOTP? That would be a good reason for folks to switch to Red Hat's over Google's ;)

----- Original Message -----
> From: "Stian Thorgersen" <stian at redhat.com>
> To: "Bill Burke" <bburke at redhat.com>
> Cc: keycloak-dev at lists.jboss.org
> Sent: Wednesday, 14 January, 2015 9:03:05 AM
> Subject: Re: [keycloak-dev] Why do I have to enter the OTP?
> 
> Look at YubiKey and FIDO U2F
> 
> ----- Original Message -----
> > From: "Bill Burke" <bburke at redhat.com>
> > To: keycloak-dev at lists.jboss.org
> > Sent: Tuesday, 13 January, 2015 5:11:09 PM
> > Subject: [keycloak-dev] Why do I have to enter the OTP?
> > 
> > Why does a user have to enter in the OTP generated by their mobile
> > device?  Wouldn't it be cooler if the steps were:
> > 
> > 1. Enter in username password in the browser
> > 2. Browser blocks and wait for...
> > 3. Press a button on your OTP iphone app
> > 4. iphone app sends an HTTP message to Keycloak with username and
> > generated OTP (in background)
> > 5. Keycloak sees if a browser app is waiting for OTP verification, then
> > verifies OTP if so.
> > 6. Browser unblocks and lets user in.
> > 
> > Now, the user doesn't ever have to enter the OTP (and mess it up like I
> > do all the time).  They just need their mobile device.
> > 
> > 
> > 
> > --
> > Bill Burke
> > JBoss, a division of Red Hat
> > http://bill.burkecentral.com
> > _______________________________________________
> > keycloak-dev mailing list
> > keycloak-dev at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-dev
> > 
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
> 


More information about the keycloak-dev mailing list