[keycloak-dev] Decoupled channel authentication (Google Push Authn)
Stian Thorgersen
sthorger at redhat.com
Wed Jun 27 15:31:33 EDT 2018
I haven't tried, but you should be able to use authentication notes instead:
ctx.getAuthenticationSession().get/setAuthNote
On Wed, 27 Jun 2018 at 10:45, James Holland <james.holland at outlook.com>
wrote:
> Hi Stian, thanks for this :-)
>
> AuthenticationFlowContext & UserSessionProvider no longer have methods to
> get the ClientSessionModel to lookup the user session, any suggestion on
> how to get this in 4.0.0.Final? I was looking at
> AuthenticationSessionProvider?
>
> I agree with you wrt to your points 1 & 2, websocket callback is something
> I'm working on separately, but only as a method of telling the waiting page
> to refresh instead of polling; just need a distributed Pub/sub & filter (so
> only the specific sessions get called.)
>
> Regards James
>
>
> Stian Thorgersen wrote on 27/06/2018 07:25:
>
> Hi,
>
> Take a look at https://github.com/stianst/authenticator-example. It's
> just a POC, but it does pretty much what you're after with regards to an
> out of bands authenticator.
>
> Now to make it nice there's two aspects that needs to be worked on:
>
> 1. Support for additional multi factor mechanisms - users should be able
> to choose between available means, pluggable support including
> configuration, etc.. I hope this is something we'll be working on soon.
> 2. Push based out of bands - we need some concept of authentication events
> that the authenticator web page can wait for. I would assume this would use
> websockets.
>
> For Google prompt it would be nice to have that available OOTB, but it
> does depend on #1 to allow us to properly support more than one multi
> factor in a realm.
>
> On Mon, 25 Jun 2018 at 11:23, James Holland <james.holland at outlook.com>
> wrote:
>
>> I've added the feature request
>> https://issues.jboss.org/browse/KEYCLOAK-7675 for this.
>>
>>
>>
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>
>
>
More information about the keycloak-dev
mailing list