[keycloak-dev] bugs and limitations in alternative flows
Bill Burke
bburke at redhat.com
Tue Mar 21 10:58:21 EDT 2017
User just came across this bug, (well I haven't tested it is a bug but
pretty sure it is):
Inside the Browser flow we have
Username Password Form
2SV - sub flow required
OTP execution - alternative
SMS execution - alternative
Neither OTP or SMS challenge is returned and both are just skipped.
Another problem is that if we fixed the above problem there is no code that handles the case where both alternatives are not configured. Finally, there is a limitation if all of this was fixed, what to do if both of these Authenticators are not configured? How is the required action formed and executed?
More information about the keycloak-dev
mailing list