[keycloak-dev] Returning "attempted" status inside alternative sub-flow

Michael Olney Michael.Olney at iress.com.au
Thu Jan 11 01:52:34 EST 2018


I have two sub-flows set up as follows:

  Subflow 1 - Alternative
      Execution 1 - Required
  Subflow 2 - Alternative
      Execution 2 - Required

Execution 1 runs a custom authenticator that does the following:

  1.  Issues a challenge
  2.  Returns ATTEMPTED status

The resulting behaviour is that the whole flow fails. I was expecting a jump to Subflow 2, which is what happens if the authenticator returns ATTEMPTED without first issuing a challenge. Is this a bug? I thought that perhaps REQUIRED might apply to the whole flow rather than to a particular sub-flow, but I couldn't find an explicit clarification in the documentation. However, this scenario was mentioned in passing on this list before:


The behaviour seems to originate in `org.keycloak.authentication.DefaultAuthenticationFlow.processResult`.
