[keycloak-user] programmatic authentication flow

Steve Favez favez.steve at gmail.com
Wed Dec 14 08:06:16 EST 2016


Hi all,

I'd like to implement the following use case. I need a Browser
authentication flow that will add, after User / Password Form
Authenticator, a kind of "access rules" authenticator, that will, according
to some request parameters, (for example, ip address, or application) will
add dynamically a second factor authenticator in the flow. (Like OTP or
SMS).
Furthermore, I'd like to be able to provide a choice of 2FA systems to the
end user (For example, we provide a set of second factory, and the end user
can choose the one he'd like to use).
So, if some "strong authentication" criteria are matched during browser
authentication process,  after providing user and password, user will get a
form allowing him to choose the second factory system he'd like to use to
authenticate.
My goal is to be able to reuse existing authenticator. (So, not to write a
big 2fa authenticator with all authenticators duplicated inside).

Thanks in advance for your valuable input

Cheers

St


More information about the keycloak-user mailing list