[keycloak-dev] Why do I have to enter the OTP?

Summers Pittman supittma at redhat.com
Wed Jan 14 08:35:55 EST 2015 

On 01/14/2015 03:21 AM, Stian Thorgersen wrote:
> Maybe this is something that could be added to FreeOTP? That would be a good reason for folks to switch to Red Hat's over Google's ;)
Speaking of FreeOTP I've been meaning to finish up a PR which adds 
Android Wear support...
>
> ----- Original Message -----
>> From: "Stian Thorgersen" <stian at redhat.com>
>> To: "Bill Burke" <bburke at redhat.com>
>> Cc: keycloak-dev at lists.jboss.org
>> Sent: Wednesday, 14 January, 2015 9:03:05 AM
>> Subject: Re: [keycloak-dev] Why do I have to enter the OTP?
>>
>> Look at YubiKey and FIDO U2F
>>
>> ----- Original Message -----
>>> From: "Bill Burke" <bburke at redhat.com>
>>> To: keycloak-dev at lists.jboss.org
>>> Sent: Tuesday, 13 January, 2015 5:11:09 PM
>>> Subject: [keycloak-dev] Why do I have to enter the OTP?
>>>
>>> Why does a user have to enter in the OTP generated by their mobile
>>> device?  Wouldn't it be cooler if the steps were:
>>>
>>> 1. Enter in username password in the browser
>>> 2. Browser blocks and wait for...
>>> 3. Press a button on your OTP iphone app
>>> 4. iphone app sends an HTTP message to Keycloak with username and
>>> generated OTP (in background)
>>> 5. Keycloak sees if a browser app is waiting for OTP verification, then
>>> verifies OTP if so.
>>> 6. Browser unblocks and lets user in.
>>>
>>> Now, the user doesn't ever have to enter the OTP (and mess it up like I
>>> do all the time).  They just need their mobile device.
>>>
>>>
>>>
>>> --
>>> Bill Burke
>>> JBoss, a division of Red Hat
>>> http://bill.burkecentral.com
>>> _______________________________________________
>>> keycloak-dev mailing list
>>> keycloak-dev at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>>
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev


-- 
Summers Pittman
>>Phone:404 941 4698
>>Java is my crack.

More information about the keycloak-dev mailing list