[keycloak-dev] Optional authenticator inside an alternative subflow, how and when is it invoked?
Marek Posolda
mposolda at redhat.com
Wed Jun 8 06:21:41 EDT 2016
Currently the OPTIONAL means that authenticator is used just if it's
configured for particular user ( Authenticator.configuredFor returns
true for that user). In case of OTP, it means that OTP form is shown
just if OTP is configured for particular user.
It looks that OPTIONAL authenticator needs to return "requiresUser" with
true, otherwise if it doesn't require user the error will be returned
(even if authenticator is OPTIONAL).
Marek
On 07/06/16 17:29, Rashmi Singh wrote:
> From the keycloak documentation and
> https://keycloak.github.io/docs/userguide/keycloak-server/html/auth_spi.html
>
>
> it is not very clear to me what the OPTIONAL setting for an execution
> mean.
>
> For example, when we have the following:
>
> Forms Subflow - ALTERNATIVE
> Username/Password Form - REQUIRED
> OTP Password Form - OPTIONAL
>
>
> When can it enter the Optional OTP form? Do we need to add some code
> (some condition ?) in the UsernamePasswordAuthentication Code, so it
> enters the optional OTP form authenticator? Or something else? I am
> not so clear about the concept of this optional field and how to enter
> it. Can someone please explain this in detail?
>
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20160608/0a08fac7/attachment.html
More information about the keycloak-dev
mailing list