[keycloak-dev] bugs and limitations in alternative flows

Bill Burke bburke at redhat.com
Tue Mar 21 10:58:21 EDT 2017

User just came across this bug, (well I haven't tested it is a bug but 
pretty sure it is):

Inside the Browser flow we have
Username Password Form
2SV - sub flow required
                 OTP execution - alternative
                 SMS execution - alternative

Neither OTP or SMS challenge is returned and both are just skipped.

Another problem is that if we fixed the above problem there is no code that handles the case where both alternatives are not configured.  Finally, there is a limitation if all of this was fixed, what to do if both of these Authenticators are not configured?  How is the required action formed and executed?

More information about the keycloak-dev mailing list