[keycloak-dev] Decoupled channel authentication (Google Push Authn)

Stian Thorgersen sthorger at redhat.com
Wed Jun 27 02:25:02 EDT 2018


Hi,

Take a look at https://github.com/stianst/authenticator-example. It's just
a POC, but it does pretty much what you're after with regards to an out of
bands authenticator.

Now to make it nice there's two aspects that needs to be worked on:

1. Support for additional multi factor mechanisms - users should be able to
choose between available means, pluggable support including configuration,
etc.. I hope this is something we'll be working on soon.
2. Push based out of bands - we need some concept of authentication events
that the authenticator web page can wait for. I would assume this would use
websockets.

For Google prompt it would be nice to have that available OOTB, but it does
depend on #1 to allow us to properly support more than one multi factor in
a realm.

On Mon, 25 Jun 2018 at 11:23, James Holland <james.holland at outlook.com>
wrote:

> I've added the feature request
> https://issues.jboss.org/browse/KEYCLOAK-7675 for this.
>
>
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>


More information about the keycloak-dev mailing list