[keycloak-dev] Any plans to support Web Authentication API?

Stian Thorgersen sthorger at redhat.com
Wed May 30 03:30:18 EDT 2018 

The challenges here is to find decent open source libraries that support
web authentication as well as figuring out how we can test it. We also need
to extend Keycloak to properly support multiple types of two factor
authenticators and not be so hard-coded to just OTP like it is today.

On 29 May 2018 at 12:08, Thomas Darimont <thomas.darimont at googlemail.com>
wrote:

> There was an interesting talk about that at Google i/o 2018
> https://youtu.be/kGGMgEfSzMw
>
> Cheers,
> Thomas
>
> Vlastimil Elias <velias at redhat.com> schrieb am Di., 29. Mai 2018, 11:24:
>
>> Great news, hopefully it will be sooner rather than later to keep
>> Keycloak at the edge of security and modern technologies ;-)
>>
>> Thanks
>>
>> Vl.
>>
>>
>> On 29.5.2018 09:31, Stian Thorgersen wrote:
>> > Yes, we are planning to add support for web authentication, but not
>> > sure if it will be this year or next.
>> >
>> > On 29 May 2018 at 09:16, Vlastimil Elias <velias at redhat.com
>> > <mailto:velias at redhat.com>> wrote:
>> >
>> >     Hi,
>> >
>> >     it looks like that Web Authentication API [1] is going to be a new
>> >     standard widely adopted by browsers to improve web authentication
>> >     security.
>> >
>> >     It helps to prevent phishing attacks (as it automatically validates
>> >     domain of the login page) and allows to use device's auth hardware
>> >     (eg
>> >     biometrics HW) to login into websites.
>> >
>> >     Any plans to support it in Keycloak?
>> >
>> >     More info in Google IO 2018 session and related blogpost [2]
>> >
>> >     Thanks
>> >
>> >     Vlastimil
>> >
>> >     [1] https://www.w3.org/TR/webauthn/ <https://www.w3.org/TR/
>> webauthn/>
>> >
>> >     [2] https://developers.google.com/web/updates/2018/05/webauthn
>> >     <https://developers.google.com/web/updates/2018/05/webauthn>
>> >
>> >     --
>> >     Vlastimil Elias
>> >     Principal Software Engineer, Middleware Engineering Services
>> >     Red Hat
>> >
>> >     _______________________________________________
>> >     keycloak-dev mailing list
>> >     keycloak-dev at lists.jboss.org <mailto:keycloak-dev at lists.jboss.org>
>> >     https://lists.jboss.org/mailman/listinfo/keycloak-dev
>> >     <https://lists.jboss.org/mailman/listinfo/keycloak-dev>
>> >
>> >
>>
>> --
>> Vlastimil Elias
>> Principal Software Engineer, Middleware Engineering Services
>> Red Hat
>>
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>
>

More information about the keycloak-dev mailing list